CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed 
an attacker to self sign an ODF document, with a signature untrusted by 
the target, then modify it to change the signature algorithm to an 
invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a 
valid signature issued by a trusted person


This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
Document Fdn.CNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Debian logo
Debian Releases
Debian Product
Codename
libreoffice
bullseye
1:7.0.4-4+deb11u10
fixed
bullseye (security)
1:7.0.4-4+deb11u11
fixed
bookworm
4:7.4.7-1+deb12u4
fixed
bookworm (security)
4:7.4.7-1+deb12u5
fixed
sid
4:24.8.2-2
fixed
trixie
4:24.8.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libreoffice
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
not-affected
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/