CVE-2024-7788

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:52

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html -

25 Sep 2024, 19:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:libreoffice:libreoffice::::::::
References	~~() https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788 -~~	() https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788 - Vendor Advisory
First Time		Libreoffice Libreoffice libreoffice

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de invalidación de firma digital incorrecta en el modo de reparación zip de The Document Foundation LibreOffice permite vulnerabilidad de falsificación de firma en LibreOfficeEste problema afecta a LibreOffice: desde 24.2 hasta < 24.2.5.

17 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-17 15:15

Updated : 2024-11-21 09:52

NVD link : CVE-2024-7788

Mitre link : CVE-2024-7788

CVE.ORG link : CVE-2024-7788

JSON object : View

Products Affected

libreoffice

libreoffice

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2024-7788", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@documentfoundation.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-09-17T15:15:14.413", "references": [{"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788", "tags": ["Vendor Advisory"], "source": "security@documentfoundation.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@documentfoundation.org", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Improper Digital Signature Invalidation\u00a0 vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5."}, {"lang": "es", "value": "Vulnerabilidad de invalidaci\u00f3n de firma digital incorrecta en el modo de reparaci\u00f3n zip de The Document Foundation LibreOffice permite vulnerabilidad de falsificaci\u00f3n de firma en LibreOfficeEste problema afecta a LibreOffice: desde 24.2 hasta < 24.2.5."}], "lastModified": "2024-11-21T09:52:07.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED260C8-BAEA-47C1-BA83-AC2671E59D29", "versionEndExcluding": "24.2.5", "versionStartIncluding": "24.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@documentfoundation.org"}