Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-25636

Опубликовано: 24 фев. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

РелизСтатусПримечание
bionic

released

1:6.0.7-0ubuntu0.18.04.11
devel

not-affected

1:7.2.5~rc2-0ubuntu1
esm-infra/focal

not-affected

1:6.4.7-0ubuntu0.20.04.4
focal

released

1:6.4.7-0ubuntu0.20.04.4
impish

released

1:7.2.5-0ubuntu0.21.10.3
jammy

not-affected

1:7.2.5~rc2-0ubuntu1
kinetic

not-affected

1:7.2.5~rc2-0ubuntu1
lunar

not-affected

1:7.2.5~rc2-0ubuntu1
trusty

ignored

end of standard support
upstream

released

1:7.3.0-1,7.2.5

Показывать по

EPSS

Процентиль: 40%
0.00184
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 6.2
redhat
больше 3 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

CVSS3: 7.5
nvd
больше 3 лет назад

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

CVSS3: 7.5
debian
больше 3 лет назад

LibreOffice supports digital signatures of ODF documents and macros wi ...

suse-cvrf
больше 3 лет назад

Security update for libreoffice

suse-cvrf
больше 3 лет назад

Security update for libreoffice

EPSS

Процентиль: 40%
0.00184
Низкий

5 Medium

CVSS2

7.5 High

CVSS3