CVE-2021-25635 | THREATINT

Description

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.

PUBLISHED Reserved 2021-01-19 | Published 2025-03-21 | Updated 2025-03-21 | Assigner Document Fdn.

MEDIUM: 5.2CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unknown

7.0 (7.0 series) before 7.0.5

affected

7.1 (7.1 series) before 7.1.1

affected

Credits

NDS of Ruhr University Bochum finder

References

www.libreoffice.org/...s/security/advisories/cve-2021-25635/

cve.org (CVE-2021-25635)

nvd.nist.gov (CVE-2021-25635)

Download JSON