CVE-2024-6472

Title: CVE-2024-6472: Ability to trust not validated macro signatures removed in high security mode

Announced: Aug 05, 2024

Fixed in: LibreOffice 24.2.5

Description:

Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened, LibreOffice displays a warning before the macro is executed.

Previously, if verification failed, the user could choose to ignore the failure and enable the macros anyway.

Now in High Macro Security mode (the default) LibreOffice automatically disables macros that fail the certificate check.

Users are recommended to upgrade to 24.2.5 to gain this enhancement.
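
A fleet check for the two conditions above (fixed version, High mode still in effect), as an added example that is not LibreOffice code or part of the advisory. Assumptions: the profile's `registrymodifications.xcu` stores the setting as `MacroSecurityLevel` under `/org.openoffice.Office.Common/Security/Scripting` with 0=Low, 1=Medium, 2=High, 3=Very High; every release numbered 24.2.5 or later carries the fix; the sample profile and version string are constructed.

```python
import re
import xml.etree.ElementTree as ET

OOR = "{http://openoffice.org/2001/registry}"   # namespace of the oor:* attributes
FIXED = (24, 2, 5)   # "Fixed in" version stated in the advisory
HIGH = 2             # assumption: MacroSecurityLevel 0=Low, 1=Medium, 2=High, 3=Very High
SCRIPTING = "/org.openoffice.Office.Common/Security/Scripting"

# Constructed sample: a profile in which the level was lowered to Medium.
SAMPLE_XCU = (
    '<oor:items xmlns:oor="http://openoffice.org/2001/registry">'
    f'<item oor:path="{SCRIPTING}">'
    '<prop oor:name="MacroSecurityLevel" oor:op="fuse"><value>1</value></prop>'
    '</item></oor:items>'
)

def parse_version(text):
    """Extract (major, minor, micro) from text such as `soffice --version` output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())

def macro_security_level(xcu_text):
    """Return the level set in the profile, or HIGH (the default) if it has no override."""
    for item in ET.fromstring(xcu_text).iter("item"):
        if item.get(OOR + "path") != SCRIPTING:
            continue
        for prop in item.iter("prop"):
            value = prop.find("value")
            if prop.get(OOR + "name") == "MacroSecurityLevel" and value is not None:
                return int(value.text)
    return HIGH

def audit(version_text, xcu_text):
    """List the reasons this install does not get the behaviour the advisory describes."""
    findings = []
    version = parse_version(version_text)
    if version < FIXED:  # assumption: every release numbered >= 24.2.5 carries the fix
        findings.append("version %d.%d.%d predates 24.2.5" % version)
    level = macro_security_level(xcu_text)
    if level < HIGH:
        findings.append(f"MacroSecurityLevel={level} is below High")
    return findings

if __name__ == "__main__":
    for finding in audit("LibreOffice 24.2.4.2 420(Build:2)", SAMPLE_XCU):
        print("FINDING:", finding)
```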

Credit:

Thanks to OpenSource Security GmbH on behalf of the German Federal Office for Information Security for finding and reporting this issue.
Thanks to Sarper Akdemir of allotropia for providing a fix.


References: