Improper Certificate Validation in LibreOffice - CVE-2024-6472

 


Published: August 5, 2024


Vulnerability identifier: #VU95342
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-6472
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreOffice
Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper certificate validation when handling documents that contain signed macros. If a macro has an untrusted signature, the user can ignore the validation failure and enable the macros anyway.


How to mitigate CVE-2024-6472

Install updates from the vendor's website.
