CVE-2024-7788

2024-09-1715:15:14

Debian Security Bug Tracker

security-tracker.debian.org

zip repair mode

digital signature

vulnerability

libreoffice

cve-2024-7788

unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

Percentile

9.6%

JSON

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

OSVersionArchitecturePackageVersionFilename
Debian12alllibreoffice< 4:7.4.7-1+deb12u5libreoffice_4:7.4.7-1+deb12u5_all.deb
Debian11alllibreoffice<= 1:7.0.4-4+deb11u10libreoffice_1:7.0.4-4+deb11u10_all.deb
Debian999alllibreoffice< 4:24.2.5-1libreoffice_4:24.2.5-1_all.deb
Debian13alllibreoffice< 4:24.2.5-1libreoffice_4:24.2.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libreoffice	< 4:7.4.7-1+deb12u5	libreoffice_4:7.4.7-1+deb12u5_all.deb
Debian	11	all	libreoffice	<= 1:7.0.4-4+deb11u10	libreoffice_1:7.0.4-4+deb11u10_all.deb
Debian	999	all	libreoffice	< 4:24.2.5-1	libreoffice_4:24.2.5-1_all.deb
Debian	13	all	libreoffice	< 4:24.2.5-1	libreoffice_4:24.2.5-1_all.deb