The Document Foundation LibreOffice vulnerabilities
26 known vulnerabilities affecting the_document_foundation/libreoffice.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 1, HIGH 14, MEDIUM 8, LOW 3
Vulnerabilities
Page 2 of 2
CVE-2021-25634 | HIGH | CVSS 7.5 | ≥ 7-0, < 7.0.6; ≥ 7-1, < 7.1.2 | 2021-10-12
CVE-2021-25634 [HIGH] CWE-295 Timestamp Manipulation with Signature Wrapping
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time tim
cvelistv5
CVE-2021-25633 | HIGH | CVSS 7.5 | ≥ 7-0, < 7.0.6; ≥ 7-1, < 7.1.2 | 2021-10-11
CVE-2021-25633 [HIGH] CWE-295 Content Manipulation with Double Certificate Attack
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documents
cvelistv5
CVE-2021-25631 | HIGH | CVSS 8.8 | ≥ 7.1, < 7.1.2; ≥ 7.0, < 7.0.5 | 2021-05-03
CVE-2021-25631 [HIGH] CWE-184
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
cvelistv5, nvd
CVE-2020-12802 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 6.4.4 | 2020-06-08
CVE-2020-12802 [MEDIUM] CWE-200
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents
cvelistv5, nvd
CVE-2020-12803 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 6.4.4 | 2020-06-08
CVE-2020-12803 [MEDIUM] CWE-20
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting. Prior to version 6.
cvelistv5, nvd
CVE-2020-12801 | MEDIUM | CVSS 5.3 | ≥ 6-3 series, < 6.3.6; ≥ 6-4 series, < 6.4.3 | 2020-05-18
CVE-2020-12801 [MEDIUM] CWE-311
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of L
cvelistv5, nvd