CVE-2024-3044

CVE-2024-3044: Graphic on-click binding allows unchecked script execution

Vendor The Document Foundation
Product LibreOffice
Weakness CWE-356
Published May 14, 2024
Last update November 12, 2024

CVSS base score

What the vulnerability does

01Description

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
November 12, 2024 Record updated