CVE-2024-3044

Publication date 14 May 2024

Last updated 24 July 2024

Ubuntu priority

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libreoffice	24.04 LTS noble	Fixed 4:24.2.3-0ubuntu0.24.04.2
	23.10 mantic	Fixed 4:7.6.7-0ubuntu0.23.10.2
	22.04 LTS jammy	Fixed 1:7.3.7-0ubuntu0.22.04.5
	20.04 LTS focal	Fixed 1:6.4.7-0ubuntu0.20.04.10

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-6789-1
LibreOffice vulnerability
28 May 2024

Other references

https://www.cve.org/CVERecord?id=CVE-2024-3044
https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/