{"id":"CVE-2024-3044","details":"Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.","modified":"2026-03-20T04:23:28.625866Z","published":"2024-05-14T21:15:12.627Z","related":["ALSA-2024:4242","ALSA-2024:4755","MGASA-2024-0209","SUSE-SU-2024:2257-1","SUSE-SU-2024:2258-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/"},{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreoffice/core","events":[{"introduced":"0"},{"fixed":"0f458d26d32bd4a104df739f333933aafae2536c"},{"introduced":"0"},{"fixed":"fc604d5980a783e74808a001f1918a603d920494"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.6.7.1"},{"introduced":"24.2.0.0"},{"fixed":"24.2.3.1"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3044.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}]}