Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-25634

Опубликовано: 12 окт. 2021
Источник: debian
EPSS Низкий

Описание

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libreofficefixed1:7.2.0-2package
libreofficeignoredbusterpackage
libreofficenot-affectedstretchpackage

Примечания

  • https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634

  • https://www.openwall.com/lists/oss-security/2021/10/11/2

  • XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it

  • Pre-requisites (replacement for XSecParser):

  • https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)

  • https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)

  • Fixed by: https://github.com/LibreOffice/core/commit/abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02 (7-0)

  • Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0)

  • Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1)

  • Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)

EPSS

Процентиль: 45%
0.0022
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-25634

CVSS3: 7.5
ubuntu
около 4 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

redhat логотип

CVE-2021-25634

CVSS3: 7.1
redhat
около 4 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

nvd логотип

CVE-2021-25634

CVSS3: 7.5
nvd
около 4 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

github логотип

GHSA-v4mw-2fgp-8j6c

github
больше 3 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

fstec логотип

BDU:2022-05923

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость пакета офисных программ LibreOffice, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 45%
0.0022
Низкий