Improper Certificate Validation in LibreOffice - CVE-2024-5261

 


Published: June 25, 2024


Vulnerability identifier: #VU93313
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-5261
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreOffice
Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to missing certificate validation in LibreOfficeKit when it calls "curl" to fetch remote resources, such as images hosted on web servers. A remote attacker can perform a MitM attack.
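
A code-review check for the class of bug described above, added here as an example (it is not LibreOffice's code): a small Python scanner that flags libcurl calls in C/C++ source where TLS certificate verification is turned off or depends on a runtime value. The page does not say which curl setting was involved; the example assumes the standard libcurl options `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` (and their proxy variants), and the sample source and its variable names are constructed.

```python
import re

# Matches curl_easy_setopt(handle, <TLS verify option>, <value>); and captures
# the option name plus everything up to the end of the statement.
SETOPT = re.compile(
    r"curl_easy_setopt\s*\(\s*[^,;]+,\s*"
    r"(CURLOPT_(?:PROXY_)?SSL_VERIFY(?:PEER|HOST))\s*,([^;]*);"
)
CAST_WORDS = {"long", "static_cast"}  # ignored when reading the value

def strip_comments(src):
    # Blank out /* */ and // comments, keeping newlines so line numbers hold.
    # (A "//" inside a string literal is blanked as well.)
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def audit(src):
    """Return (line, option, verdict) for every verify option not clearly on."""
    findings = []
    clean = strip_comments(src)
    for m in SETOPT.finditer(clean):
        option, raw = m.groups()
        tokens = [t for t in re.findall(r"\w+", raw) if t not in CAST_WORDS]
        value = tokens[0].rstrip("lL").lower() if tokens else ""
        line = clean.count("\n", 0, m.start()) + 1
        if value in ("0", "false"):
            findings.append((line, option, "disabled"))
        elif not (value.isdigit() or value == "true"):
            findings.append((line, option, "review"))  # value is not a literal
    return findings

# Constructed sample source; the handle and variable names are hypothetical.
SAMPLE = """\
CURL* h = curl_easy_init();
curl_easy_setopt(h, CURLOPT_URL, url);
// curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, (long)0);
curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2L);
if (curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, false) != CURLE_OK) return;
curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, insecure_mode ? 0L : 1L);
"""

if __name__ == "__main__":
    for line, option, verdict in audit(SAMPLE):
        print(f"line {line}: {option} -> {verdict}")
```

A "review" verdict means the value is decided at run time, so the call site needs a manual look at which code paths can reach it with verification off.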


How to mitigate CVE-2024-5261

Install updates from vendor's website.
