CVE-2024-5261

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-5261

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5261.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-5261

Related

Published

2024-06-25T13:15:50Z

Modified

2024-09-18T03:26:40.787888Z

Summary

[none]

Details

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification

LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.

LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.

In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPTSSLVERIFYPEER of false)

In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPTSSLVERIFYPEER of true.

This issue affects LibreOffice before version 24.2.4.

References

Affected packages

Debian:13 / libreoffice

Package

Name: libreoffice
Purl: pkg:deb/debian/libreoffice?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:24.2.4-1

Affected versions

4:7.*

4:7.4.5-3

4:7.4.7-1~bpo11+1

4:7.4.7-1

4:7.5.0~rc2-7

4:7.5.0~rc3-1

4:7.5.1~rc1-1

4:7.5.1~rc2-1

4:7.5.2~rc1-1

4:7.5.2~rc2-1

4:7.5.3~rc1-1

4:7.5.3~rc2-1

4:7.5.4~rc1-1

4:7.5.4~rc1-2

4:7.5.4~rc1-3

4:7.5.4~rc1-4

4:7.5.4~rc2-1

4:7.5.4-1

4:7.5.4-2

4:7.5.4-3

4:7.5.4-4

4:7.5.5~rc1-1

4:7.5.5~rc1-2

4:7.5.5~rc1-3

4:7.5.5~rc1-4

4:7.5.5~rc1-5

4:7.5.5~rc2-1

4:7.5.5-1

4:7.5.5-2

4:7.5.5-3~bpo12+1

4:7.5.5-3

4:7.5.5-4~bpo12+1

4:7.5.5-4

4:7.5.6-1~bpo12+1

4:7.5.6-1

4:7.5.7-1

4:7.5.8~rc1-1

4:7.5.8~rc1-2

4:7.5.8-1~bpo12+1

4:7.5.8-1

4:7.5.9~rc1-1~bpo12+1

4:7.5.9~rc1-1~bpo12+2

4:7.5.9~rc1-1

4:7.6.0~rc1-1

4:7.6.0~rc1-2

4:7.6.0~rc2-1

4:7.6.0~rc2-2

4:7.6.0~rc3-1

4:7.6.1~rc1-1

4:7.6.1~rc2-1

4:7.6.1~rc2-2

4:7.6.2-1

4:7.6.2-2

4:7.6.2-3

4:7.6.2-4

4:7.6.2-5

4:7.6.3~rc1-1

4:7.6.3~rc1-2

4:7.6.3~rc2-1

4:7.6.3~rc2-2

4:7.6.3-1

4:7.6.3-2

4:7.6.4~rc1-1~bpo12+1

4:7.6.4~rc1-1

4:24.*

4:24.2.0~alpha1-1

4:24.2.0~beta1-1

4:24.2.0~rc1-1

4:24.2.0~rc1-2

4:24.2.0~rc2-1

4:24.2.0~rc2-2~bpo12+1

4:24.2.0~rc2-2

4:24.2.0-1~bpo12+1

4:24.2.0-1

4:24.2.0-2

4:24.2.0-3

4:24.2.1~rc1-1

4:24.2.1~rc2-1

4:24.2.1-1

4:24.2.1-2

4:24.2.1-3

4:24.2.1-4

4:24.2.2~rc1-1

4:24.2.2~rc1-2

4:24.2.2~rc2-1

4:24.2.2~rc2-2

4:24.2.2-1

4:24.2.2-2

4:24.2.2-3

4:24.2.3~rc1-1

4:24.2.3~rc1-2

4:24.2.3~rc1-3

4:24.2.3~rc2-1

4:24.2.3-1~bpo12+1

4:24.2.3-1

4:24.2.3-2

4:24.2.4-1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}