CVE-2021-25634

Published: Oct 12, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Affected (3)

Products: Libreoffice: Libreoffice · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	From 7.0.0 to 7.0.6
Libreoffice Libreoffice	From 7.1.0 to 7.1.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://www.debian.org/security/2021/dsa-4988

Source: security@documentfoundation.org

Third Party Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634

Source: security@documentfoundation.org

Vendor Advisory

https://www.debian.org/security/2021/dsa-4988

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.