CVE-2024-3044

Publication date 14 May 2024

Last updated 30 May 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Status

Package Ubuntu Release Status
libreoffice 24.04 LTS noble
Fixed 4:24.2.3-0ubuntu0.24.04.2
23.10 mantic
Fixed 4:7.6.7-0ubuntu0.23.10.2
22.04 LTS jammy
Fixed 1:7.3.7-0ubuntu0.22.04.5
20.04 LTS focal
Fixed 1:6.4.7-0ubuntu0.20.04.10

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References

Related Ubuntu Security Notices (USN)

    • USN-6789-1
    • LibreOffice vulnerability
    • 28 May 2024

Other references