CVE-2024-3044

6.5 MEDIUM

📋 TL;DR

This vulnerability in LibreOffice allows attackers to embed malicious scripts in documents that execute automatically when users click on graphics, bypassing previous security prompts. It affects LibreOffice users who open untrusted documents, particularly those who receive documents via email or downloads. The scripts run with LibreOffice's built-in scripting capabilities, which were previously trusted but are now considered untrusted.

💻 Affected Systems

Products:
  • LibreOffice
Versions: Specific affected versions are not given in the references, but multiple recent versions prior to the patched releases appear to be affected
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected LibreOffice versions are vulnerable when opening documents with embedded graphics containing malicious scripts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could execute arbitrary code on the victim's system through LibreOffice's scripting capabilities, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Attackers create malicious documents that execute scripts to steal local files, install malware, or perform other malicious actions when users click on embedded graphics.

🟢 If Mitigated

With proper controls, the impact is limited to isolated document processing with minimal system access, though some data leakage from the document context could still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires creating a malicious document and convincing a user to open it and click on a graphic. No authentication bypass needed beyond user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LibreOffice versions with security updates (check vendor advisories for specific version numbers)

Vendor Advisory: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044

Restart Required: No

Instructions:

1. Update LibreOffice to the latest patched version from official sources.
2. For Linux distributions, use your package manager (apt update && apt upgrade libreoffice for Debian/Ubuntu, dnf update libreoffice for Fedora/RHEL).
3. For Windows/macOS, download and install the latest version from libreoffice.org.

🔧 Temporary Workarounds

Disable LibreOffice scripting (all platforms)

Disable LibreOffice's macro/scripting capabilities to prevent script execution.

No command applies; configure through the LibreOffice GUI: Tools > Options > Security > Macro Security > Set to 'Very High'

Use LibreOffice in safe mode (linux)

Open documents in safe mode, which disables macros and scripts:

libreoffice --safe-mode document.odt

🧯 If You Can't Patch

  • Avoid opening untrusted LibreOffice documents, especially those received via email or downloads
  • Use alternative document viewers for untrusted files when possible

🔍 How to Verify

Check if Vulnerable:

Check LibreOffice version against patched versions listed in vendor advisories

Check Version:

libreoffice --version (Linux/macOS) or check Help > About LibreOffice (Windows)

Verify Fix Applied:

Verify LibreOffice version is updated to patched release and test with known safe documents containing graphics

📡 Detection & Monitoring

Log Indicators:

  • Unusual LibreOffice process activity, unexpected script execution events
  • Multiple document opens with graphic elements from untrusted sources

Network Indicators:

  • Downloads of LibreOffice documents from suspicious sources followed by unusual outbound connections

SIEM Query:

Process:libreoffice AND (EventID:4688 OR ParentProcess:explorer.exe) AND (CommandLine:*odt* OR CommandLine:*ods*)
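For triage of received documents before they are opened, the following added example (not taken from the vendor advisory or from LibreOffice) lists every script event listener attached to a drawing object inside an ODF file. It assumes the binding is stored as a `script:event-listener` element as defined by the OpenDocument specification; the function names and the sample document are constructed for illustration, and a hit means "review this file", not "malicious".

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace URIs from the OpenDocument specification.
DRAW = "{urn:oasis:names:tc:opendocument:xmlns:drawing:1.0}"
SCRIPT = "{urn:oasis:names:tc:opendocument:xmlns:script:1.0}"
XLINK = "{http://www.w3.org/1999/xlink}"
MAX_PART_BYTES = 50 * 1024 * 1024  # refuse oversized parts (zip-bomb guard)

def find_graphic_script_bindings(odf_bytes):
    """Return (part, object name, event, target) per listener bound to a drawing object."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for part in ("content.xml", "styles.xml"):
            if part not in zf.namelist():
                continue
            if zf.getinfo(part).file_size > MAX_PART_BYTES:
                raise ValueError(part + " is too large to scan safely")
            data = zf.read(part)
            if b"<!DOCTYPE" in data:  # ODF parts carry no DTD; avoid entity tricks
                raise ValueError(part + " contains a DTD")
            root = ET.fromstring(data)
            parent = {child: p for p in root.iter() for child in p}
            for listener in root.iter(SCRIPT + "event-listener"):
                node = parent.get(listener)
                while node is not None and not node.tag.startswith(DRAW):
                    node = parent.get(node)  # climb to the nearest draw:* ancestor
                if node is None:
                    continue  # document-level listener, not bound to a graphic
                hits.append((part, node.get(DRAW + "name"),
                             listener.get(SCRIPT + "event-name"), listener.get(XLINK + "href")))
    return hits

def build_sample():
    """Constructed test document: Image1 has a click listener, Image2 does not."""
    ns = ('xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
          'xmlns:draw="%s" xmlns:script="%s" xmlns:xlink="%s"'
          % (DRAW[1:-1], SCRIPT[1:-1], XLINK[1:-1]))
    xml = ('<office:document-content %s><draw:frame draw:name="Image1">'
           '<office:event-listeners><script:event-listener script:event-name="dom:click" '
           'xlink:href="vnd.sun.star.script:PLACEHOLDER"/></office:event-listeners>'
           '<draw:image/></draw:frame><draw:frame draw:name="Image2"><draw:image/>'
           '</draw:frame></office:document-content>' % ns)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", xml)
    return buf.getvalue()
```

Run it on a mail gateway or file share over the raw bytes of each `.odt`/`.ods`/`.odp` file and route any document with hits to manual review.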
