CVE-2024-3044

EPSS 3.14%
Veröffentlicht 14.05.2024 21:15:12
Zuletzt bearbeitet 10.12.2025 19:10:17
Quelle security@documentfoundation.or
CVE-Watchlists
Login
Unerledigt
Login

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libreoffice ≫ Libreoffice Version < 7.6.7.1

Libreoffice ≫ Libreoffice Version >= 24.2.0.0 < 24.2.3.1

Fedoraproject ≫ Fedora Version39

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.14%	0.864

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-356 Product UI does not Warn User of Unsafe Actions

The product's user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/

Third Party Advisory

Mailing List

https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3044

EUVD