CVE-2024-7788 Signatures in "repair mode" should not be trusted

2024-09-1714:28:36

CWE-347

Document Fdn.

github.com

cve-2024-7788

signature forgery

zip repair mode

document foundation libreoffice

digital signature invalidation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:thedocumentfoundation:libreoffice:*:*:*:*:*:*:*:*"
    ],
    "vendor": "thedocumentfoundation",
    "product": "libreoffice",
    "versions": [
      {
        "status": "affected",
        "version": "24.2",
        "lessThan": "24.2.5",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]