All the vulnerabilities related to The Document Foundation - LibreOffice
cve-2024-3044
Vulnerability from cvelistv5
Published: 2024-05-14 20:19
Modified: 2024-11-12 20:14
Severity: CVSS 3.1 base score 6.5 (MEDIUM), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (CISA ADP)
Weakness: CWE-356 Product UI does not Warn User of Unsafe Actions (CNA); CWE-94 Improper Control of Generation of Code (CISA ADP)
Summary
Unchecked script execution in the Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which, without prompting, will execute scripts built into LibreOffice when a graphic is clicked. Such scripts were previously deemed trusted but are now deemed untrusted.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044 |
https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/ |
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.6 < 7.6.7; 24.2 < 24.2.3
cve-2023-2255
Vulnerability from cvelistv5
Published: 2023-05-25 00:00
Modified: 2024-08-02 06:19
Weakness: CWE-264 Permissions, Privileges, and Access Controls
Summary
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompting. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255 |
https://www.debian.org/security/2023/dsa-5415 | DSA-5415, vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html | DLA 3526-1, mailing-list
https://security.gentoo.org/glsa/202311-15 | GLSA-202311-15, vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.4 < 7.4.7; 7.5 < 7.5.3
cve-2024-6472
Vulnerability from cvelistv5
Published: 2024-08-05 12:55
Modified: 2024-08-05 14:32
Severity: CVSS 3.1 base score 7.8 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CNA)
Weakness: CWE-295 Improper Certificate Validation
Summary
The certificate validation user interface in LibreOffice allowed a potential vulnerability.

Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened, a warning is displayed by LibreOffice before the macro is executed.

Previously, if verification failed, the user could fail to understand the failure and choose to enable the macros anyway.

This issue affects LibreOffice from 24.2 before 24.2.5.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472 |
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 24.2 < 24.2.5
cve-2021-25633
Vulnerability from cvelistv5
Published: 2021-10-11 16:43
Modified: 2024-09-16 18:28
Weakness: CWE-295 Improper Certificate Validation
Summary
LibreOffice supports digital signatures of ODF documents and of macros within documents, presenting visual indicators that no alteration of the document has occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator even though the content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 | x_refsource_MISC
https://www.debian.org/security/2021/dsa-4988 | DSA-4988, vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7-0 < 7.0.6; 7-1 < 7.1.2
Solution: Update to 7.0.6 or 7.1.2 or 7.2.0
cve-2023-0950
Vulnerability from cvelistv5
Published: 2023-05-25 00:00
Modified: 2024-08-02 05:32
Weakness: CWE-129 Improper Validation of Array Index
Summary
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice, certain malformed spreadsheet formulas, such as AGGREGATE, could be created with fewer parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950 |
https://www.debian.org/security/2023/dsa-5415 | DSA-5415, vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/08/msg00014.html | DLA 3526-1, mailing-list
https://security.gentoo.org/glsa/202311-15 | GLSA-202311-15, vendor-advisory
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.4 < 7.4.6; 7.5 < 7.5.1
cve-2021-25636
Vulnerability from cvelistv5
Published: 2022-02-22 00:00
Modified: 2024-08-03 20:11
Weakness: CWE-347 Improper Verification of Cryptographic Signature
Summary
LibreOffice supports digital signatures of ODF documents and of macros within documents, presenting visual indicators that no alteration of the document has occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/ |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/ | FEDORA-2022-3bbe89c20f, vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html | DLA 3368-1, mailing-list
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.2 < 7.2.5
cve-2022-26305
Vulnerability from cvelistv5
Published: 2022-07-25 00:00
Modified: 2024-08-03 05:03
Weakness: CWE-295 Improper Certificate Validation
Summary
An Improper Certificate Validation vulnerability in LibreOffice existed where determining whether a macro was signed by a trusted author was done by only matching the serial number and issuer string of the certificate used with those of a trusted certificate. This is not sufficient to verify that the macro was actually signed with that certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to those of a trusted certificate, which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in improperly trusted macros. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
References
URL | Tags
---|---
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 |
https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html | DLA 3368-1, mailing-list
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.2 < 7.2.7; 7.3 < 7.3.1
cve-2023-6186
Vulnerability from cvelistv5
Published: 2023-12-11 11:56
Modified: 2024-08-02 08:21
Summary
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.
In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 7.5; 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.742Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5574" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.5.9", "status": "affected", "version": "7.5", "versionType": "7.5 series" }, { "lessThan": "7.6.4", "status": "affected", "version": "7.6", "versionType": "7.6 series" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue" } ], "datePublic": "2023-12-11T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eInsufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\u003c/div\u003e\u003cdiv\u003eIn affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.\n\nIn affected versions LibreOffice supports hyperlinks with macro or 
similar built-in command targets that can be executed when activated without warning the user.\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T11:56:40.349Z", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186" }, { "url": "https://www.debian.org/security/2023/dsa-5574" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Link targets allow arbitrary script execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2023-6186", "datePublished": "2023-12-11T11:56:40.349Z", "dateReserved": "2023-11-17T09:15:24.395Z", "dateUpdated": "2024-08-02T08:21:17.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25631
Vulnerability from cvelistv5
Published: 2021-05-03 11:10
Modified: 2024-09-16 17:08
Summary
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
References
| URL | Tags |
|---|---|
| https://positive.security/blog/url-open-rce#open-libreoffice | x_refsource_MISC |
| https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 7.1 < 7.1.2; 7.0 < 7.0.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:27.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://positive.security/blog/url-open-rce#open-libreoffice" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Windows" ], "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.1.2", "status": "affected", "version": "7.1", "versionType": "custom" }, { "lessThan": "7.0.5", "status": "affected", "version": "7.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lukas Euler of Positive Security" } ], "datePublic": "2021-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn\u0027t match the denylist but results in ShellExecute attempting to launch an executable type." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-184", "description": "CWE-184 Incomplete Denylist", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-03T11:10:33", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." 
}, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://positive.security/blog/url-open-rce#open-libreoffice" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/" } ], "source": { "discovery": "UNKNOWN" }, "title": "denylist of executable filename extensions possible to bypass under windows", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2021-04-15T00:00:00.000Z", "ID": "CVE-2021-25631", "STATE": "PUBLIC", "TITLE": "denylist of executable filename extensions possible to bypass under windows" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "LibreOffice", "version": { "version_data": [ { "platform": "Windows", "version_affected": "\u003c", "version_name": "7.1", "version_value": "7.1.2" }, { "platform": "Windows", "version_affected": "\u003c", "version_name": "7.0", "version_value": "7.0.5" } ] } } ] }, "vendor_name": "The Document Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Lukas Euler of Positive Security" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn\u0027t match the denylist but results in ShellExecute attempting to launch an executable type." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-184 Incomplete Denylist" } ] } ] }, "references": { "reference_data": [ { "name": "https://positive.security/blog/url-open-rce#open-libreoffice", "refsource": "MISC", "url": "https://positive.security/blog/url-open-rce#open-libreoffice" }, { "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/", "refsource": "MISC", "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2021-25631", "datePublished": "2021-05-03T11:10:33.079682Z", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2024-09-16T17:08:37.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25634
Vulnerability from cvelistv5
Published: 2021-10-12 13:33
Modified: 2024-09-17 00:46
Summary
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2.
References
| URL | Tags |
|---|---|
| https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4988 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 7-0 < 7.0.6; 7-1 < 7.1.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:27.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634" }, { "name": "DSA-4988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4988" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.0.6", "status": "affected", "version": "7-0", "versionType": "custom" }, { "lessThan": "7.1.2", "status": "affected", "version": "7-1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "NDS of Ruhr University Bochum" } ], "datePublic": "2021-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-17T10:06:24", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." 
}, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634" }, { "name": "DSA-4988", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4988" } ], "solutions": [ { "lang": "en", "value": "Update to 7.0.6 or 7.1.2 or 7.2.0" } ], "source": { "discovery": "EXTERNAL" }, "title": "Timestamp Manipulation with Signature Wrapping", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2021-10-11T00:00:00.000Z", "ID": "CVE-2021-25634", "STATE": "PUBLIC", "TITLE": "Timestamp Manipulation with Signature Wrapping" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "LibreOffice", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "7-0", "version_value": "7.0.6" }, { "version_affected": "\u003c", "version_name": "7-1", "version_value": "7.1.2" } ] } } ] }, "vendor_name": "The Document Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "NDS of Ruhr University Bochum" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-295 Improper Certificate Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634", "refsource": "MISC", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634" }, { "name": "DSA-4988", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4988" } ] }, "solution": [ { "lang": "en", "value": "Update to 7.0.6 or 7.1.2 or 7.2.0" } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2021-25634", "datePublished": "2021-10-12T13:33:54.266254Z", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2024-09-17T00:46:33.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26307
Vulnerability from cvelistv5
Published: 2022-07-25 00:00
Modified: 2024-08-03 05:03
Summary
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 7.2 < 7.2.7; 7.3 < 7.3.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:31.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307" }, { "name": "[oss-security] 20220812 CVE-2022-37401: Apache OpenOffice Weak Master Keys", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/13/2" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.2.7", "status": "affected", "version": "7.2", "versionType": "custom" }, { "lessThan": "7.3.3", "status": "affected", "version": "7.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "OpenSource Security GmbH on behalf of the German Federal Office for Information Security" } ], "descriptions": [ { "lang": "en", "value": "LibreOffice supports the storage of passwords for web connections in the user\u2019s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-26T00:00:00", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307" }, { "name": "[oss-security] 20220812 CVE-2022-37401: Apache OpenOffice Weak Master Keys", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/13/2" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Weak Master Keys", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2022-26307", "datePublished": "2022-07-25T00:00:00", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-03T05:03:31.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6185
Vulnerability from cvelistv5
Published: 2023-12-11 11:52
Modified: 2024-12-02 16:58
Summary
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 7.5; 7.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5574" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-6185", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-12-20T16:47:31.483769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T16:58:58.281Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.5.9", "status": "affected", "version": "7.5", "versionType": "7.5 series" }, { "lessThan": "7.6.3", "status": "affected", "version": "7.6", "versionType": "7.6 series" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Thanks to Reginaldo Silva of ubercomp.com for finding and reporting this issue" } ], "datePublic": "2023-12-11T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute 
arbitrary GStreamer plugins.\u003c/div\u003e\u003cdiv\u003eIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\u003c/div\u003e" } ], "value": "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\n\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T11:52:06.388Z", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." 
}, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185" }, { "url": "https://www.debian.org/security/2023/dsa-5574" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper input validation enabling arbitrary Gstreamer pipeline injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2023-6185", "datePublished": "2023-12-11T11:52:06.388Z", "dateReserved": "2023-11-17T09:15:06.687Z", "dateUpdated": "2024-12-02T16:58:58.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5261
Vulnerability from cvelistv5
Published: 2024-06-25 12:44
Modified: 2024-08-01 21:11
Summary
Improper Certificate Validation vulnerability: LibreOffice "LibreOfficeKit" mode disables TLS certificate verification.
LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.
LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
In affected versions of LibreOffice, when used in LibreOfficeKit mode only, curl's TLS certificate verification was disabled (CURLOPT_SSL_VERIFYPEER set to false). In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode, with CURLOPT_SSL_VERIFYPEER set to true.
This issue affects LibreOffice before version 24.2.4.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 24.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:libreoffice:libreoffice:24.2.4:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libreoffice", "vendor": "libreoffice", "versions": [ { "lessThan": "24.2.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5261", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T13:27:12.094894Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T13:29:25.699Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:11:11.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "24.2.4", "status": "affected", "version": "24.2", "versionType": "24.2 series" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "OpenSource Security GmbH" } ], "datePublic": "2024-06-25T13:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. 
Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\u003c/p\u003e\u003cp\u003eLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\u003c/p\u003e\u003cp\u003eIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\u003cbr\u003e\u003cbr\u003eIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\u003c/p\u003eThis issue affects LibreOffice before version 24.2.4.\u003c/div\u003e" } ], "value": "Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4." 
} ], "impacts": [ { "capecId": "CAPEC-94", "descriptions": [ { "lang": "en", "value": "CAPEC-94 Adversary in the Middle (AiTM)" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T12:44:24.251Z", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261" } ], "source": { "discovery": "EXTERNAL" }, "title": "TLS certificate are not properly verified when utilizing LibreOfficeKit", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2024-5261", "datePublished": "2024-06-25T12:44:24.251Z", "dateReserved": "2024-05-23T07:20:08.542Z", "dateUpdated": "2024-08-01T21:11:11.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7788
Vulnerability from cvelistv5
Published: 2024-09-17 14:28
Modified: 2024-10-12 13:05
Summary
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows signature forgery in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| The Document Foundation | LibreOffice | 24.2 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:thedocumentfoundation:libreoffice:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "libreoffice", "vendor": "thedocumentfoundation", "versions": [ { "lessThan": "24.2.5", "status": "affected", "version": "24.2", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-7788", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T15:52:01.086783Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T15:55:47.097Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-10-12T13:05:35.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "\u003c 24.2.5", "status": "affected", "version": "24.2", "versionType": "24.2 series" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Thanks to Thanks to Yufan You for finding and reporting this issue" }, { "lang": "en", "type": "remediation developer", "value": "Thanks to Michael Stahl of allotropia for providing a fix" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Digital Signature Invalidation\u0026nbsp; vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows \u003cspan style=\"background-color: rgb(246, 245, 244);\"\u003eSignature forgery vulnerability in LibreOffice\u003c/span\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.2 before \u0026lt; 
24.2.5.\u003c/p\u003e" } ], "value": "Improper Digital Signature Invalidation\u00a0 vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before \u003c 24.2.5." } ], "impacts": [ { "capecId": "CAPEC-477", "descriptions": [ { "lang": "en", "value": "CAPEC-477 Signature Spoofing by Mixing Signed and Unsigned Content" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:28:36.075Z", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788" } ], "source": { "discovery": "EXTERNAL" }, "title": "Signatures in \"repair mode\" should not be trusted", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2024-7788", "datePublished": "2024-09-17T14:28:36.075Z", "dateReserved": "2024-08-14T11:41:07.960Z", "dateUpdated": "2024-10-12T13:05:35.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
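The record above describes CAPEC-477, a signature that is reported as valid for a package that also carries content the signature never covered. The following is an added example, not LibreOffice's own verification code: it checks, before a signed badge is shown, that the XML-DSig references in an ODF package account for every stream, that each digest still matches, and that the package did not need repairing to be read at all. Assumptions that are not in the CVE record: the signature file layout (an XML-DSig Signature in META-INF/documentsignatures.xml with one SHA-256 Reference per stream), the exemption of the signature file and META-INF/manifest.xml from coverage, and the sample package, which is constructed in code with a dummy SignatureValue; checking the SignatureValue itself is out of scope here.

```python
"""Added example: refuse to trust a signature that does not cover every stream."""
import base64
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
SIG_PATH = "META-INF/documentsignatures.xml"
# Streams a document signature is not expected to cover: a policy assumption, not from the record.
EXEMPT = frozenset({SIG_PATH, "META-INF/manifest.xml"})


def build_signature_xml(streams, signed):
    """Constructed stand-in for a real signature file: correct SHA-256 digests, dummy SignatureValue."""
    refs = "".join(
        f'<Reference URI="{name}"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        f"<DigestValue>{base64.b64encode(hashlib.sha256(streams[name]).digest()).decode()}</DigestValue></Reference>"
        for name in signed)
    return ('<document-signatures xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">'
            '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>' + refs +
            "</SignedInfo><SignatureValue>dummy</SignatureValue></Signature></document-signatures>").encode()


def make_package(streams, signed):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in streams.items():
            z.writestr(name, data)
        z.writestr(SIG_PATH, build_signature_xml(streams, signed))
    return buf.getvalue()


def rewrite_package(package, changes):
    """Copy a package, replacing or appending streams but leaving the signature file alone:
    the attacker's move for mixing unsigned content into a signed document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, zipfile.ZipFile(buf, "w") as dst:
        for name in src.namelist():
            dst.writestr(name, changes.get(name, src.read(name)))
        for name in changes.keys() - set(src.namelist()):
            dst.writestr(name, changes[name])
    return buf.getvalue()


def check_signature_coverage(package, exempt=EXEMPT):
    report = {"corrupt": None, "missing": [], "digest_mismatch": [], "unsigned": []}
    try:
        z = zipfile.ZipFile(io.BytesIO(package))
    except zipfile.BadZipFile as exc:
        report["corrupt"] = f"unreadable package: {exc}"  # this is where repair mode would kick in
        return report
    with z:
        report["corrupt"] = z.testzip()  # first entry with a bad CRC, or None
        names, covered = set(z.namelist()), set()
        if SIG_PATH in names:
            for ref in ET.fromstring(z.read(SIG_PATH)).iter(DSIG + "Reference"):
                uri = ref.get("URI", "")
                if uri.startswith("#"):
                    continue  # same-document reference (signature properties), not a stream
                covered.add(uri)
                if uri not in names:
                    report["missing"].append(uri)
                    continue
                expected = base64.b64decode(ref.find(DSIG + "DigestValue").text.strip())
                if hashlib.sha256(z.read(uri)).digest() != expected:
                    report["digest_mismatch"].append(uri)
        report["unsigned"] = sorted(names - covered - exempt)  # CAPEC-477: content the signature never saw
    return report


def trusted(report):
    """Only a clean, fully covered, digest-correct package may show the signed badge."""
    return report["corrupt"] is None and not (report["missing"] or report["digest_mismatch"] or report["unsigned"])


SAMPLE_STREAMS = {  # constructed and minimal; not a valid ODF document
    "mimetype": b"application/vnd.oasis.opendocument.text",
    "content.xml": b"<office:document-content/>",
    "META-INF/manifest.xml": b"<manifest:manifest/>",
}
SIGNED = ["mimetype", "content.xml"]
GOOD = make_package(SAMPLE_STREAMS, SIGNED)
MIXED = rewrite_package(GOOD, {"Pictures/added.png": b"\x89PNG not covered by the signature"})
TAMPERED = rewrite_package(GOOD, {"content.xml": b"<office:document-content>changed</office:document-content>"})

if __name__ == "__main__":
    for label, pkg in ("good", GOOD), ("mixed", MIXED), ("tampered", TAMPERED):
        print(label, trusted(check_signature_coverage(pkg)), check_signature_coverage(pkg))
```

The point of the `corrupt` field is the title of the record: a package that only opens after repair has, by definition, bytes the signer never saw, so the signature result must be discarded rather than displayed.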
cve-2022-3140
Vulnerability from cvelistv5
Published: 2022-10-11 00:00
Modified: 2024-08-03 01:00
Summary
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme, 'vnd.libreoffice.command', specific to LibreOffice was added. In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments; when such a link was clicked on, or activated by document events, this could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.
References
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
DSA-5252: https://www.debian.org/security/2022/dsa-5252
FEDORA-2022-775c747e4a: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
GLSA-202212-04: https://security.gentoo.org/glsa/202212-04
DLA 3368-1: https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.4 < 7.4.1; 7.3 < 7.3.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140" }, { "name": "DSA-5252", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5252" }, { "name": "FEDORA-2022-775c747e4a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/" }, { "name": "GLSA-202212-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-04" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.4.1", "status": "affected", "version": "7.4", "versionType": "custom" }, { "lessThan": "7.3.6", "status": "affected", "version": "7.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "TheSecurityDev working with Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme \u0027vnd.libreoffice.command\u0027 specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. 
This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-26T00:00:00", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140" }, { "name": "DSA-5252", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5252" }, { "name": "FEDORA-2022-775c747e4a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/" }, { "name": "GLSA-202212-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-04" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Macro URL arbitrary script execution", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2022-3140", "datePublished": "2022-10-11T00:00:00", "dateReserved": "2022-09-06T00:00:00", "dateUpdated": "2024-08-03T01:00:10.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26306
Vulnerability from cvelistv5
Published: 2022-07-25 00:00
Modified: 2024-08-03 05:03
Summary
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the initialization vector required for the encryption was always the same, which weakens the encryption and leaves the stored passwords exposed if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
References
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
oss-security, CVE-2022-37400 (Apache OpenOffice static initialization vector): http://www.openwall.com/lists/oss-security/2022/08/13/1
DLA 3368-1: https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 7.2 < 7.2.7; 7.3 < 7.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:31.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306" }, { "name": "[oss-security] 20220812 CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/13/1" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "7.2.7", "status": "affected", "version": "7.2", "versionType": "custom" }, { "lessThan": "7.3.1", "status": "affected", "version": "7.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "OpenSource Security GmbH on behalf of the German Federal Office for Information Security" } ], "descriptions": [ { "lang": "en", "value": "LibreOffice supports the storage of passwords for web connections in the user\u2019s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user\u0027s configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-26T00:00:00", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306" }, { "name": "[oss-security] 20220812 CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/13/1" }, { "name": "[debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Execution of Untrusted Macros Due to Improper Certificate Validation", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2022-26306", "datePublished": "2022-07-25T00:00:00", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-03T05:03:31.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
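The record says the initialization vector was constant but not what that costs. The following is an added example, not LibreOffice's code, that shows the worst case: in any mode whose keystream depends only on the key and the IV (OFB, CTR and the first block of CFB), an attacker holding a copy of the configuration file and knowing one stored password recovers the keystream and with it every other password encrypted under that IV, without ever learning the master password. The record does not name LibreOffice's cipher or mode, so a keyed PRF (HMAC-SHA256 truncated to one block) in output-feedback stands in for the block cipher; the master password, salt and stored passwords are constructed.

```python
"""Added example: a fixed IV turns one known password into all of them."""
import hashlib
import hmac
import os

BLOCK = 16
STATIC_IV = bytes(BLOCK)  # the flaw: one IV for every record in the store


def derive_key(master_password, salt):
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000, 32)


def keystream(key, iv, length):
    """OFB-style keystream: each block is the keyed PRF of the previous block, so the
    whole stream is fixed by (key, iv) alone (assumed mode, not LibreOffice's)."""
    out, block = bytearray(), iv
    while len(out) < length:
        block = hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
        out += block
    return bytes(out[:length])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, iv, data):  # decryption is the same XOR
    return xor(data, keystream(key, iv, len(data)))


def store_static_iv(key, passwords):
    """Vulnerable layout: every record encrypted under the same IV."""
    return {site: (STATIC_IV, encrypt(key, STATIC_IV, pw.encode())) for site, pw in passwords.items()}


def store_random_iv(key, passwords):
    """Fixed layout: a fresh IV per record, stored next to its ciphertext."""
    out = {}
    for site, pw in passwords.items():
        iv = os.urandom(BLOCK)
        out[site] = (iv, encrypt(key, iv, pw.encode()))
    return out


def open_store(store, key):
    """Legitimate path: the owner supplied the master password and derived the key."""
    return {site: encrypt(key, iv, ct).decode() for site, (iv, ct) in store.items()}


def recover_without_master(store, known_site, known_password):
    """Attacker with the configuration file who knows ONE stored password (say, for an
    account they created). ciphertext XOR plaintext is the keystream prefix, and that
    prefix transfers to every record encrypted under the same IV."""
    iv0, ct0 = store[known_site]
    ks = xor(ct0, known_password.encode())
    recovered = {}
    for site, (iv, ct) in store.items():
        if site != known_site and iv == iv0:
            recovered[site] = xor(ct[:len(ks)], ks)  # complete if no longer than the known password
    return recovered


PASSWORDS = {  # constructed sample store
    "webdav.example": "hunter2",
    "intranet.example": "N0t-s0-s3cret",
    "attacker.example": "attacker-chosen-password-that-is-long",
}
SALT = b"constructed-salt"
KEY = derive_key("master password", SALT)
VULNERABLE = store_static_iv(KEY, PASSWORDS)
FIXED = store_random_iv(KEY, PASSWORDS)

if __name__ == "__main__":
    known = PASSWORDS["attacker.example"]
    print("static IV leaks:", recover_without_master(VULNERABLE, "attacker.example", known))
    print("random IV leaks:", recover_without_master(FIXED, "attacker.example", known))
```

With CBC the damage is smaller but real: equal password prefixes give equal ciphertext prefixes, so the attacker learns which accounts share a password. Either way the fix is the same one the 7.2.7/7.3.1 releases adopted in spirit: a fresh random IV per record, stored alongside the ciphertext.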
cve-2020-12801
Vulnerability from cvelistv5
Published: 2020-05-18 14:20
Modified: 2024-11-18 17:29
Summary
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice defaulted to saving the document unencrypted on subsequent saves. This may lead to a user accidentally saving an MS Office file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.
References
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
openSUSE-SU-2020:0786: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00011.html
DLA 3703-1: https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | 6-3 series < 6.3.6; 6-4 series < 6.4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801" }, { "name": "openSUSE-SU-2020:0786", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00011.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-12801", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-10T15:37:49.768784Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T17:29:42.515Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "6.3.6", "status": "affected", "version": "6-3 series", "versionType": "custom" }, { "lessThan": "6.4.3", "status": "affected", "version": "6-4 series", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Thanks to Tomas Florian \u003ctomas@armoreye.ca\u003e for raising awareness of the issue" } ], "datePublic": "2020-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. 
If the recovery is successful, and if the file format of the recovered document was not LibreOffice\u0027s default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-31T14:06:29.477186", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801" }, { "name": "openSUSE-SU-2020:0786", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00011.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Crash-recovered MSOffice encrypted documents defaulted to not to using encryption on next save", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2020-12801", "datePublished": "2020-05-18T14:20:08.325905Z", "dateReserved": "2020-05-12T00:00:00", "dateUpdated": "2024-11-18T17:29:42.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
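The failure mode here is a document the user believes is encrypted but is not, so the useful check is one made on the saved bytes rather than on the dialog. The following is an added example, not LibreOffice's code, that classifies a saved file from its container: an encrypted ODF package lists manifest:encryption-data under its file entries in META-INF/manifest.xml, while a password-protected OOXML document is not a ZIP at all but an OLE2 compound file (magic D0 CF 11 E0 A1 B1 1A E1) carrying an EncryptedPackage stream, and an unencrypted .docx/.xlsx is a plain ZIP with [Content_Types].xml. Those facts come from the container formats, not from this record; the sample files are constructed in memory, and the OLE2 sample is only enough to exercise the detector, not a valid compound file.

```python
"""Added example: verify on disk that a "password-protected" document is really encrypted."""
import io
import zipfile
import xml.etree.ElementTree as ET

ZIP_MAGIC = b"PK\x03\x04"
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
MANIFEST_NS = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"
# OLE2 directory entries hold stream names as UTF-16LE in a 64-byte field inside a
# sector-aligned 128-byte entry, so a raw substring search finds the stream without a FAT parse.
ENCRYPTED_PACKAGE = "EncryptedPackage".encode("utf-16-le")


def classify(data):
    """Return 'odf-encrypted', 'odf-plaintext', 'ooxml-encrypted', 'ooxml-plaintext' or 'unknown'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc/.xls are OLE2 as well; only the EncryptedPackage stream is conclusive.
        return "ooxml-encrypted" if ENCRYPTED_PACKAGE in data else "unknown"
    if not data.startswith(ZIP_MAGIC):
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "META-INF/manifest.xml" in names:
            root = ET.fromstring(z.read("META-INF/manifest.xml"))
            encrypted = root.find(".//" + MANIFEST_NS + "encryption-data") is not None
            return "odf-encrypted" if encrypted else "odf-plaintext"
        if "[Content_Types].xml" in names:
            return "ooxml-plaintext"  # an encrypted OOXML file is never a bare ZIP
    return "unknown"


def assert_encrypted(path):
    """Fail loudly if a file the user believes is password-protected was saved in the clear."""
    with open(path, "rb") as f:
        kind = classify(f.read())
    if not kind.endswith("-encrypted"):
        raise RuntimeError(f"{path}: saved as {kind}, not encrypted")
    return kind


def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


MANIFEST_HEAD = ('<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">'
                 '<manifest:file-entry manifest:full-path="/" manifest:media-type="application/vnd.oasis.opendocument.text"/>')
PLAIN_ENTRY = '<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml"/>'
ENCRYPTED_ENTRY = (  # constructed values; the element shape is what the check keys on
    '<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml" manifest:size="1024">'
    '<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="Y29uc3RydWN0ZWQ=">'
    '<manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"'
    ' manifest:initialisation-vector="Y29uc3RydWN0ZWQ="/>'
    '<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:salt="Y29uc3RydWN0ZWQ="'
    ' manifest:iteration-count="100000"/></manifest:encryption-data></manifest:file-entry>')
SAMPLES = {  # constructed stand-ins
    "plain.odt": make_zip({"mimetype": b"application/vnd.oasis.opendocument.text",
                           "META-INF/manifest.xml": (MANIFEST_HEAD + PLAIN_ENTRY + "</manifest:manifest>").encode(),
                           "content.xml": b"<office:document-content/>"}),
    "encrypted.odt": make_zip({"mimetype": b"application/vnd.oasis.opendocument.text",
                               "META-INF/manifest.xml": (MANIFEST_HEAD + ENCRYPTED_ENTRY + "</manifest:manifest>").encode(),
                               "content.xml": b"\x00\x01ciphertext"}),
    "plain.docx": make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}),
    "encrypted.docx": OLE2_MAGIC + bytes(504) + ENCRYPTED_PACKAGE + bytes(64),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data))
```

`assert_encrypted` is the hook to run from a save script or a DLP agent on the path the application just wrote; the classification is by container, so it needs no password and cannot be fooled by a padlock icon in the title bar.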
cve-2020-12802
Vulnerability from cvelistv5
Published: 2020-06-08 15:23
Modified: 2024-09-17 04:08
Summary
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
References
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
FEDORA-2020-8922773bc4: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
openSUSE-SU-2020:1222: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
openSUSE-SU-2020:1261: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
DLA 3703-1: https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | < 6.4.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802" }, { "name": "FEDORA-2020-8922773bc4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/" }, { "name": "openSUSE-SU-2020:1222", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html" }, { "name": "openSUSE-SU-2020:1261", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "6.4.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "LibreOffice has a \u0027stealth mode\u0027 in which only documents from locations deemed \u0027trusted\u0027 are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice\u0027s ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-31T14:06:36.830396", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802" }, { "name": "FEDORA-2020-8922773bc4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/" }, { "name": "openSUSE-SU-2020:1222", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html" }, { "name": "openSUSE-SU-2020:1261", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "remote graphics contained in docx format retrieved in \u0027stealth mode\u0027", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2020-12802", "datePublished": "2020-06-08T15:23:05.479080Z", "dateReserved": "2020-05-12T00:00:00", "dateUpdated": "2024-09-17T04:08:53.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12803
Vulnerability from cvelistv5
Published: 2020-06-08 15:43
Modified: 2024-09-16 22:25
Summary
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example to an external web server. To create submittable forms, ODF implements the W3C XForms standard, which allows data to be submitted without the need for macros or other active scripting. Prior to version 6.4.4, LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the chance of inadvertent user submission, this feature has now been limited to http[s] URIs, removing the possibility of overwriting local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
References
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
FEDORA-2020-8922773bc4: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/
openSUSE-SU-2020:1222: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html
openSUSE-SU-2020:1261: http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html
DLA 3703-1: https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
Impacted products
Vendor | Product | Version
---|---|---
The Document Foundation | LibreOffice | < 6.4.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803" }, { "name": "FEDORA-2020-8922773bc4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/" }, { "name": "openSUSE-SU-2020:1222", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html" }, { "name": "openSUSE-SU-2020:1261", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "LibreOffice", "vendor": "The Document Foundation", "versions": [ { "lessThan": "6.4.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2020-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. 
User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4." } ], "problemTypes": [ { "descriptions": [ { "description": "xforms submission target on local file system allowed", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-31T14:06:33.068047", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn." }, "references": [ { "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803" }, { "name": "FEDORA-2020-8922773bc4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA/" }, { "name": "openSUSE-SU-2020:1222", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html" }, { "name": "openSUSE-SU-2020:1261", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html" }, { "name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3703-1] libreoffice security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "XForms submissions could overwrite local files", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2020-12803", "datePublished": "2020-06-08T15:43:09.400466Z", "dateReserved": "2020-05-12T00:00:00", "dateUpdated": "2024-09-16T22:25:46.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
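Three of the records on this page (CVE-2022-3140, CVE-2020-12802 and CVE-2020-12803) share a shape: a document carries a URI that the application acts on, and the fix was to reject or warn on a class of URIs. The following is an added example, not LibreOffice's code, of the inbound-document scan a mail gateway or file share would run for that whole class: in ODF packages it reports hyperlinks and event bindings whose scheme is vnd.libreoffice.command or macro (the 3140 trigger) and XForms submissions whose action is not http[s] (the 12803 trigger, using the post-6.4.4 policy as the allow-list); in OOXML packages it reports relationships with TargetMode="External" that fetch remote resources such as images (the 12802 trigger, the resources stealth mode is meant to block). Assumptions not in the records: the argument syntax accepted by vnd.libreoffice.command is not reproduced, any href with one of those schemes is reported; vnd.sun.star.script is added as LibreOffice's scripting-framework scheme, which this page does not mention; the ODT and DOCX samples are constructed in memory, structurally simplified, and are not exploits.

```python
"""Added example: scan ODF and OOXML packages for script-scheme links, non-http XForms
submission targets and remote-resource relationships."""
import io
import zipfile
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
XFORMS_SUBMISSION = "{http://www.w3.org/2002/xforms}submission"
RELATIONSHIP = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
SCRIPT_SCHEMES = {"vnd.libreoffice.command", "macro", "vnd.sun.star.script"}  # last one: assumption
ALLOWED_SUBMISSION_SCHEMES = {"http", "https"}  # the policy LibreOffice adopted in 6.4.4


def scheme_of(uri):
    return urlsplit(uri.strip()).scheme.lower()


def scan_odf(z):
    """Findings are (kind, part, uri). ODF event listeners use xlink:href too, so a link
    'activated by document events' is caught by the same attribute walk as a clickable one."""
    findings = []
    for part in ("content.xml", "styles.xml"):
        if part not in z.namelist():
            continue
        for el in ET.fromstring(z.read(part)).iter():
            href = el.get(XLINK_HREF)
            if href is not None and scheme_of(href) in SCRIPT_SCHEMES:
                findings.append(("script-link", part, href))
            if el.tag == XFORMS_SUBMISSION and scheme_of(el.get("action", "")) not in ALLOWED_SUBMISSION_SCHEMES:
                findings.append(("xforms-non-http-submission", part, el.get("action", "")))
    return findings


def scan_ooxml(z):
    findings = []
    for part in z.namelist():
        if not part.endswith(".rels"):
            continue
        for rel in ET.fromstring(z.read(part)).iter(RELATIONSHIP):
            if rel.get("TargetMode") != "External":
                continue  # internal parts travel inside the package
            target, rtype = rel.get("Target", ""), rel.get("Type", "").rsplit("/", 1)[-1]
            if rtype == "hyperlink":
                if scheme_of(target) in SCRIPT_SCHEMES:
                    findings.append(("script-link", part, target))
            else:
                findings.append(("remote-" + rtype, part, target))  # fetched on open, no click needed
    return findings


def scan(package):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        names = z.namelist()
        if "META-INF/manifest.xml" in names or "mimetype" in names:
            return scan_odf(z)
        if "[Content_Types].xml" in names:
            return scan_ooxml(z)
    return [("unrecognised-container", "", "")]


def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


SAMPLE_ODT = make_zip({  # constructed; not a complete or valid document
    "mimetype": b"application/vnd.oasis.opendocument.text",
    "content.xml": b"""<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xforms="http://www.w3.org/2002/xforms">
 <office:body><office:text>
  <office:forms><xforms:model><xforms:submission id="s1" method="post"
     action="file:///home/user/constructed-target.txt"/></xforms:model></office:forms>
  <text:p><text:a xlink:href="https://example.org/">benign</text:a></text:p>
  <text:p><text:a xlink:href="vnd.libreoffice.command:constructed-placeholder">click me</text:a></text:p>
 </office:text></office:body></office:document-content>""",
})
SAMPLE_DOCX = make_zip({  # constructed; not a complete or valid document
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/_rels/document.xml.rels": b"""<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
 <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
   Target="http://remote.example/pixel.png" TargetMode="External"/>
 <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
   Target="media/image1.png"/>
 <Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
   Target="https://example.org/" TargetMode="External"/>
</Relationships>""",
})

if __name__ == "__main__":
    for name, pkg in ("sample.odt", SAMPLE_ODT), ("sample.docx", SAMPLE_DOCX):
        for finding in scan(pkg):
            print(name, *finding)
```

The scanner reports rather than blocks because each finding has a legitimate counterpart (a SharePoint link, an XForms post to an intranet service, a linked image on a trusted server); the value is in surfacing them before the document reaches a client that is still on an affected version.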