LibreOffice: Repair mode enables signature forgery

LibreOffice tries to repair damaged files in zip format. Digital signatures were then validated incorrectly.

(Image: users in front of a laptop with LibreOffice under virus attack; created with AI in Bing Designer by heise online / dmk)


The developers of LibreOffice warn of a security vulnerability in the document repair function of the office suite. After such a repair, specially crafted documents could be shown with a signature status that does not apply to them and thereby enable macro execution that should have been blocked.

According to the vulnerability description LibreOffice has now published, the office suite attempts to repair defective files in formats based on the zip container. To do this, the repair function searches the zip structure for secondary file headers in order to reconstruct a document. Attackers can craft documents that carry a digital signature; after the repair, the signature is reported with a status that does not match the recovered content, which amounts to a signature forgery (CVE-2024-7788, CVSS 7.8, risk "high").

This can, for example, allow macros to run in such documents. Macros used to be a frequently abused entry point for malware until the execution of active content in Office documents was rigorously restricted. If the signature check fails for a defective file, an error message is still shown, where users can choose to ignore the error and execute the macros anyway; that behavior was also corrected recently.

The vulnerability affects LibreOffice versions prior to 24.2.5 and 24.8.0. Those releases have been available for several weeks; versions 24.2.6 and 24.8.1 are currently offered on the LibreOffice download page. They correct the error by treating all signatures in repaired documents as invalid.
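To make the structural issue concrete, here is an added Python example (not LibreOffice's code and not part of the original article) that illustrates both the repair behaviour described above and the fix: it parses a zip-based document's central directory, then independently walks the byte stream for local file headers the way a repair routine would, and flags any document where the two disagree. A document that needed repair gets its signature status reported as invalid regardless of what the cryptographic check returned, which mirrors the policy of the fixed releases. The sample archive, its member names and the stray entry appended to it are constructed for the demonstration; the signature file is a placeholder and no real XML signature is verified (the result of that step is passed in as `signature_valid`).

```python
"""Structural consistency check for zip-based documents (ODF/OOXML containers).
Added example, not LibreOffice code: reports when a byte-level scan finds local
file headers the central directory never declared, i.e. a file that would need repair."""
import io
import struct
import zipfile
import zlib
from dataclasses import dataclass

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory entry
EOCD_SIG = b"PK\x05\x06"     # end of central directory record


def _u16(b, o):
    return struct.unpack_from("<H", b, o)[0]


def _u32(b, o):
    return struct.unpack_from("<I", b, o)[0]


@dataclass
class ZipReport:
    declared: dict         # local-header offset -> name, per the central directory
    scanned: dict          # local-header offset -> name, found by walking the bytes
    orphan_offsets: list   # scanned headers the central directory never lists
    missing_offsets: list  # central entries whose offset holds no local header
    trailing_bytes: int    # bytes after the end-of-central-directory record

    @property
    def consistent(self) -> bool:
        return not self.orphan_offsets and not self.missing_offsets and self.trailing_bytes == 0


def central_directory(data: bytes):
    """Members as the central directory declares them, plus where the archive ends."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_off = _u32(data, eocd + 12), _u32(data, eocd + 16)
    end_of_archive = eocd + 22 + _u16(data, eocd + 20)  # 22-byte EOCD plus archive comment
    declared, pos = {}, cd_off
    while pos < cd_off + cd_size:
        if not data.startswith(CENTRAL_SIG, pos):
            raise ValueError(f"malformed central directory entry at offset {pos}")
        name_len, extra_len, comment_len = _u16(data, pos + 28), _u16(data, pos + 30), _u16(data, pos + 32)
        declared[_u32(data, pos + 42)] = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        pos += 46 + name_len + extra_len + comment_len
    return declared, end_of_archive


def scan_local_headers(data: bytes) -> dict:
    """Walk the whole byte stream the way a repair routine does: every local file
    header found anywhere counts, whether or not the central directory lists it."""
    found, pos = {}, 0
    while pos + 30 <= len(data):
        if data.startswith(LOCAL_SIG, pos):
            flags, csize = _u16(data, pos + 6), _u32(data, pos + 18)
            name_len, extra_len = _u16(data, pos + 26), _u16(data, pos + 28)
            found[pos] = data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace")
            pos += 30 + name_len + extra_len
            if csize or not flags & 0x8:
                pos += csize  # sizes are in the header: skip the member data
            # else the sizes sit in a trailing data descriptor; the next iteration resynchronises
        else:
            nxt = data.find(LOCAL_SIG, pos + 1)  # may also match bytes inside compressed data
            if nxt < 0:
                break
            pos = nxt
    return found


def inspect_archive(data: bytes) -> ZipReport:
    declared, end_of_archive = central_directory(data)
    scanned = scan_local_headers(data)
    orphans = sorted(set(scanned) - set(declared))
    missing = sorted(off for off in declared if not data.startswith(LOCAL_SIG, off))
    return ZipReport(declared, scanned, orphans, missing, max(0, len(data) - end_of_archive))


def signature_status(data: bytes, signature_valid: bool) -> str:
    """Policy of the fixed releases as the article describes it: a document that
    needed repair has its signatures reported invalid, whatever the crypto check said."""
    if not inspect_archive(data).consistent:
        return "invalid (document required repair)"
    return "valid" if signature_valid else "invalid"


def build_sample(damaged: bool) -> bytes:
    """Constructed sample: a minimal ODF-like archive (member names assumed, the signature
    file is a placeholder).  The damaged variant carries a second, stored content.xml as a
    stray local header appended past the end-of-central-directory record."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        zf.writestr("content.xml", "<office:document-content/>")
        zf.writestr("META-INF/documentsignatures.xml", "<!-- placeholder, no real signature -->")
    data = buf.getvalue()
    if damaged:
        name, body = b"content.xml", b"<office:document-content><!-- unsigned --></office:document-content>"
        header = LOCAL_SIG + struct.pack("<HHHHHIIIHH", 20, 0, 0, 0, 0,
                                         zlib.crc32(body), len(body), len(body), len(name), 0)
        data += header + name + body
    return data


if __name__ == "__main__":
    for damaged in (False, True):
        sample = build_sample(damaged)
        report = inspect_archive(sample)
        print("damaged" if damaged else "intact", "-> orphans at", report.orphan_offsets,
              "| signature:", signature_status(sample, signature_valid=True))
```

Running the script prints the intact archive as consistent with a valid signature and the damaged one as carrying an orphan `content.xml` header, which forces the signature status to "invalid (document required repair)". The scan deliberately resynchronises on any `PK\x03\x04` it meets, so it can also fire on compressed member data; for a defender that is the safe direction, since a false positive only downgrades a signature the user would otherwise trust.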

The fact that macros could be executed after user confirmation despite failed signature verification was the subject of a security update for the open source office suite at the beginning of August. The vulnerability was reported to the project by OpenSource Security GmbH on behalf of the German Federal Office for Information Security (BSI).

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.