CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person

This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.

References

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/

Affected packages

Git / github.com/libreoffice/core

Affected ranges

Type

GIT

Repo

https://github.com/libreoffice/core

Events

Introduced

Fixed

22aa6743f53547be737cebf9a34be16c35f90d6c

Introduced

Last affected

575c5867c4cc13d7ae78f9ce39a54a52ed38c769

Database specific

{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.5.1"
        },
        {
            "introduced": "7.1.0.0"
        },
        {
            "last_affected": "7.1.1.1"
        }
    ]
}

Affected versions

Other

MELD_LIBREOFFICE_REPOS

libreoffice-3-5-branch-point

libreoffice-3-6-branch-point

libreoffice-4-0-branch-point

libreoffice-4-1-branch-point

libreoffice-4-2-branch-point

libreoffice-4-2-milestone-1

libreoffice-4-3-branch-point

libreoffice-4-4-branch-point

libreoffice-5-0-branch-point

libreoffice-5-1-branch-point

libreoffice-5-2-branch-point

libreoffice-5-3-branch-point

libreoffice-5-4-branch-point

libreoffice-6-0-branch-point

libreoffice-6-1-branch-point

libreoffice-6-2-branch-point

libreoffice-6-3-branch-point

libreoffice-6-4-branch-point

libreoffice-7-0-branch-point

libreoffice-7-1-branch-point

windows_build_successful_2011_11_08

gpg4libre-review-5.*

gpg4libre-review-5.4.99

libreoffice-3.*

libreoffice-3.5.0.0

libreoffice-7.*

libreoffice-7.1.1.1

sdremote-2.*

sdremote-2.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25635.json"