CVE-2021-25635

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25635

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25635.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25635

Downstream

RHSA-2022:1766

UBUNTU-CVE-2021-25635

Related

Published

2025-03-21T15:15:35.707Z

Modified

2025-12-12T02:57:32.606055Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person

This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.

References

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/

Affected packages

Git / github.com/libreoffice/core

Affected ranges

Type: GIT
Repo: https://github.com/libreoffice/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22aa6743f53547be737cebf9a34be16c35f90d6c