First published: Tue May 14 2024(Updated: )
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
Credit: security@documentfoundation.org security@documentfoundation.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/libreoffice | <1:6.4.7-0ubuntu0.20.04.10 | 1:6.4.7-0ubuntu0.20.04.10 |
ubuntu/libreoffice | <1:7.3.7-0ubuntu0.22.04.5 | 1:7.3.7-0ubuntu0.22.04.5 |
ubuntu/libreoffice | <4:7.6.7-0ubuntu0.23.10.2 | 4:7.6.7-0ubuntu0.23.10.2 |
ubuntu/libreoffice | <4:24.2.3-0ubuntu0.24.04.2 | 4:24.2.3-0ubuntu0.24.04.2 |
ubuntu/libreoffice | <7.6.7<24.2.3<4:24.2.3~ | 7.6.7 24.2.3 4:24.2.3~ |
debian/libreoffice | <=1:6.1.5-3+deb10u7<=1:7.0.4-4+deb11u8<=4:7.4.7-1+deb12u1 | 1:6.1.5-3+deb10u12 1:7.0.4-4+deb11u9 4:7.4.7-1+deb12u2 4:24.2.4-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.