CVE-2024-6472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6472

Downstream

DEBIAN-CVE-2024-6472

DSA-5737-1

RHSA-2024:5583

RHSA-2024:5584

RHSA-2024:5598

RHSA-2024:5599

RHSA-2024:5601

RHSA-2024:5607

RHSA-2024:5608

RHSA-2024:5886

RLSA-2024:5598

UBUNTU-CVE-2024-6472

USN-6962-1

Related

Published

2024-08-05T13:15:47.033Z

Modified

2025-12-12T02:58:47.962830Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Certificate Validation user interface in LibreOffice allows potential vulnerability.

Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.

Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.

This issue affects LibreOffice: from 24.2 before 24.2.5.

References

https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472

Affected packages

Git / github.com/libreoffice/core

Affected ranges

Type: GIT
Repo: https://github.com/libreoffice/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2ccb78ad6bdfe3f3356a7a7f294ec388775c5816