Launchpad.net

CVE 2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Related bugs and status

CVE-2024-3044 (Candidate) is related to these bugs:

Bug #2064667: [SRU] libreoffice 24.2.3 for noble

Summary				In	Importance	Status
	2064667	[SRU] libreoffice 24.2.3 for noble		libreoffice (Ubuntu)	Undecided	Fix Released
	2064667	[SRU] libreoffice 24.2.3 for noble		libreoffice (Ubuntu Noble)	High	Fix Released

Bug #2065152: [SRU] libreoffice 7.6.7 for mantic

Summary				In	Importance	Status
	2065152	[SRU] libreoffice 7.6.7 for mantic		libreoffice (Ubuntu)	Undecided	Fix Released
	2065152	[SRU] libreoffice 7.6.7 for mantic		libreoffice (Ubuntu Mantic)	High	Fix Released

Bug #2065728: CVE-2024-3044

		In	Importance	Status
2065728	CVE-2024-3044	libreoffice (Ubuntu)	Undecided	Fix Committed
2065728	CVE-2024-3044	libreoffice (Ubuntu Mantic)	High	Fix Released
2065728	CVE-2024-3044	libreoffice (Ubuntu Focal)	High	Fix Released
2065728	CVE-2024-3044	libreoffice (Ubuntu Noble)	High	Fix Released
2065728	CVE-2024-3044	libreoffice (Ubuntu Jammy)	High	Fix Released

Bug #2067261: [BPO] libreoffice 7.6.7 for jammy

Summary				In	Importance	Status
	2067261	[BPO] libreoffice 7.6.7 for jammy		libreoffice (Ubuntu)	Undecided	Fix Released
	2067261	[BPO] libreoffice 7.6.7 for jammy		libreoffice (Ubuntu Jammy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.libreoffic...