CVE-2021-25634— LibreOffice 信任管理问题漏洞

Timestamp Manipulation with Signature Wrapping

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.

N/A

证书验证不恰当

LibreOffice 信任管理问题漏洞

LibreOffice是文档基金会（The Document Foundation，tdf）的一套开源的办公软件套件。该产品包含Writer（文本文档）、Calc（电子表格）和Impress（演示文稿）等应用程序。 LibreOffice存在信任管理问题漏洞，该漏洞源于应用程序未正确检查ODF文件的数字签名。攻击者可利用该漏洞将文档中的签名算法更改为无效的(或LibreOffice未知的)算法，LibreOffice将错误地将这种使用未知算法的签名表示为可信人员签发的有效签名。

N/A

N/A