CVE-2024-7788: Signatures in "repair mode" should not be trusted
Published Sep 17, 2024
·Updated
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.
Affected Software
2 affected componentsFixes available
debian/libreoffice<=1:7.0.4-4+deb11u10, <=4:7.4.7-1+deb12u4
4:7.4.7-1+deb12u54:24.2.5-44:24.2.6-2
LibreOffice Libreoffice>=24.2.0<24.2.5
Event History
Sep 17, 2024
CVE Published
via MITRE·02:28 PM
Data Sourced
via MITRE·02:28 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:15 PM
DescriptionSeverityWeakness
Sep 19, 2024
Data Sourced
via Ubuntu·04:38 PM
RemedyDescriptionSeverityAffected Software
Jul 4, 56726
Event
via FIRST·01:15 PM
Frequently Asked Questions
1
What is the severity of CVE-2024-7788?
CVE-2024-7788 is classified as a moderate severity vulnerability due to the potential for signature forgery.
2
How do I fix CVE-2024-7788?
To fix CVE-2024-7788, upgrade LibreOffice to versions 24.2.5 or later.
3
What versions of LibreOffice are affected by CVE-2024-7788?
CVE-2024-7788 affects LibreOffice versions from 24.2.0 to prior than 24.2.5.
4
What impact does CVE-2024-7788 have on document security?
CVE-2024-7788 allows for possible signature forgery, compromising the integrity of documents.
5
Is there a workaround for CVE-2024-7788?
The recommended approach for CVE-2024-7788 is to upgrade to a protected version rather than relying on a workaround.