Description

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Related CPE's

a

libreoffice

libreoffice

2

o

debian

debian_linux

11.0

Vulnerable

References

https://www.debian.org/security/2021/dsa-4988

Third Party Advisory

https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-295

[email protected]

Secondary
CWE-295

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-12T14:15:08.290

3 years ago

Last modified

2021-10-18T19:29:46.820

3 years ago