Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:34379
HistoryFeb 25, 2022 - 12:44 a.m.

Improper Verification Of Signature

2022-02-2500:44:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12

EPSS

0.001

Percentile

38.9%

libreoffice:sid is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both X509Data and KeyValue children of the KeyInfo tag. When opened, it causes LibreOffice to verify the KeyValue but to report that the verification is made with the unrelated X509Data value.