CVE-2021-25634

CWE-295Improper Certificate Validation7 documents7 sources
Severity
7.5HIGH
EPSS
0.4%
top 38.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
THE Document Foundation LibreofficeLibreoffice LibreofficeApache Software Foundation Apache Openoffice+1 more
Timeline
PublishedOct 12
Latest updateMay 24

Description

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects:

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5the_document_foundation/libreoffice7-07.0.6+1
NVDlibreoffice/libreoffice7.0.07.0.6+1
Debianlibreoffice< 1:7.0.4-4+deb11u1+3
CVEListV5apache_software_foundation/apache_openofficeApache OpenOffice4.1.10+1

Also affects: Debian Linux 11.0

🔴Vulnerability Details

3
GHSA
GHSA-v4mw-2fgp-8j6c: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurr2022-05-24
CVEList
Timestamp Manipulation with Signature Wrapping2021-10-12
OSV
CVE-2021-25634: LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurr2021-10-12

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerabilities2021-11-22
Red Hat
libreoffice: Timestamp Manipulation with Signature Wrapping2021-10-11
Debian
CVE-2021-25634: libreoffice - LibreOffice supports digital signatures of ODF documents and macros within docum...2021
CVE-2021-25634 (HIGH CVSS 7.5) | LibreOffice supports digital signat | cvebase.io