Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-25633
HistoryOct 11, 2021 - 12:00 a.m.

CVE-2021-25633

2021-10-1100:00:00
ubuntu.com
ubuntu.com
16

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.0%

JSON

LibreOffice supports digital signatures of ODF documents and macros within
documents, presenting visual aids that no alteration of the document
occurred since the last signing and that the signature is valid. An
Improper Certificate Validation vulnerability in LibreOffice allowed an
attacker to create a digitally signed ODF document, by manipulating the
documentsignatures.xml or macrosignatures.xml stream within the document to
combine multiple certificate data, which when opened caused LibreOffice to
display a validly signed indicator but whose content was unrelated to the
signature shown. This issue affects: The Document Foundation LibreOffice
7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

Notes

Author Note
mdeslaur The code changes required to fix this issue in Ubuntu 18.04 LTS are extensive. We will not be fixing this issue in Ubuntu 18.04 LTS.
OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlibreoffice< 1:6.4.7-0ubuntu0.20.04.2UNKNOWN

Related

cnvd 1
alpinelinux 1
redhatcve 1
prion 2
redos 1
debiancve 1
cve 2
nessus 8
kaspersky 1
openvas 3
osv 4
debian 1
ubuntu 1
oraclelinux 1
rocky 1
redhat 1
almalinux 1
mageia 1
thn 1
freebsd 1
cnvd
cnvd
LibreOffice Trust Management Issue Vulnerability (CNVD-2022-55627)
2021-10-18 00:00:00
alpinelinux
alpinelinux
CVE-2021-25633
2021-10-11 17:15:00
redhatcve
redhatcve
CVE-2021-25633
2021-10-12 08:41:14
prion
prion
Input validation
2021-10-11 17:15:00
Code injection
2021-10-11 08:15:00
redos
redos
ROS-20211223-02
2021-12-23 00:00:00
debiancve
debiancve
CVE-2021-25633
2021-10-11 17:15:00
cve
cve
CVE-2021-25633
2021-10-11 17:15:00
CVE-2021-41830
2021-10-11 08:15:00
nessus
nessus
Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5153-1)
2021-11-23 00:00:00
Debian DSA-4988-1 : libreoffice - security update
2021-10-17 00:00:00
AlmaLinux 8 : libreoffice (ALSA-2022:1766)
2022-05-12 00:00:00
kaspersky
kaspersky
KLA12323 Multiple vulnerabilities in LibreOffice
2021-09-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5153-1)
2021-11-23 00:00:00
Debian: Security Advisory (DSA-4988-1)
2021-10-18 00:00:00
Mageia: Security Advisory (MGASA-2021-0471)
2022-01-28 00:00:00
osv
osv
libreoffice vulnerabilities
2021-11-22 13:11:32
libreoffice - security update
2021-10-16 00:00:00
Moderate: libreoffice security, bug fix, and enhancement update
2022-05-10 08:00:06
debian
debian
[SECURITY] [DSA 4988-1] libreoffice security update
2021-10-16 19:23:57
ubuntu
ubuntu
LibreOffice vulnerabilities
2021-11-22 00:00:00
oraclelinux
oraclelinux
libreoffice security, bug fix, and enhancement update
2022-05-17 00:00:00
rocky
rocky
libreoffice security, bug fix, and enhancement update
2022-05-10 08:00:06
redhat
redhat
(RHSA-2022:1766) Moderate: libreoffice security, bug fix, and enhancement update
2022-05-10 08:00:06
almalinux
almalinux
Moderate: libreoffice security, bug fix, and enhancement update
2022-05-10 08:00:06
mageia
mageia
Updated libreoffice packages fix security vulnerability
2021-10-12 09:56:11
thn
thn
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice
2021-10-12 09:02:00
freebsd
freebsd
Apache OpenOffice -- multiple vulnerabilities.
2021-05-04 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.0%

JSON
Related for UB:CVE-2021-25633
cnvd1alpinelinux1redhatcve1prion2redos1debiancve1cve2nessus8kaspersky1openvas3osv4debian1ubuntu1oraclelinux1rocky1redhat1almalinux1mageia1thn1freebsd1