An Improper Certificate Validation vulnerability in LibreOffice allowed
an attacker to self sign an ODF document, with a signature untrusted by
the target, then modify it to change the signature algorithm to an
invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a
valid signature issued by a trusted person
This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
Metrics
Affected Vendors & Products
References
History
Fri, 21 Mar 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 21 Mar 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity. | An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1. |
Title | libreoffice: Content Manipulation with Certificate Validation Attack | Content Manipulation with Certificate Validation Attack |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: Document Fdn.
Published: 2025-03-21T14:52:50.484Z
Updated: 2025-03-21T15:13:24.100Z
Reserved: 2021-01-19T22:48:43.994Z
Link: CVE-2021-25635

Updated: 2025-03-21T15:13:15.453Z

Status : Received
Published: 2025-03-21T15:15:35.707
Modified: 2025-03-21T15:15:35.707
Link: CVE-2021-25635
