CVE-2023-1183 – Arbitrary file write
https://notcve.org/view.php?id=CVE-2023-1183
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. • http://www.openwall.com/lists/oss-security/2023/12/28/4 http://www.openwall.com/lists/oss-security/2024/01/03/4 https://access.redhat.com/security/cve/CVE-2023-1183 https://bugzilla.redhat.com/show_bug.cgi?id=2208506 https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-25634 – Timestamp Manipulation with Signature Wrapping
https://notcve.org/view.php?id=CVE-2021-25634
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no se ha producido ninguna alteración del documento desde la última firma y que la firma es válida. Una vulnerabilidad de Comprobación Inapropiada de Certificados en LibreOffice permitía a un atacante modificar un documento ODF firmado digitalmente para insertar una marca de tiempo de firma adicional que LibreOffice presentaría incorrectamente como una firma válida firmada en la hora de firma falsa. • https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 https://access.redhat.com/security/cve/CVE-2021-25634 https://bugzilla.redhat.com/show_bug.cgi?id=2013151 • CWE-295: Improper Certificate Validation •
CVE-2021-25633 – Content Manipulation with Double Certificate Attack
https://notcve.org/view.php?id=CVE-2021-25633
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no se ha producido ninguna alteración del documento desde la última firma y que la firma es válida. Una vulnerabilidad de Comprobación Inapropiada de Certificados en LibreOffice permitía a un atacante crear un documento ODF firmado digitalmente, al manipular el flujo documentsignatures.xml o macrosignatures.xml dentro del documento para combinar múltiples datos de certificados, que cuando se abría causaba que LibreOffice mostrara un indicador firmado válidamente pero cuyo contenido no estaba relacionado con la firma mostrada. • https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 https://access.redhat.com/security/cve/CVE-2021-25633 https://bugzilla.redhat.com/show_bug.cgi?id=2013135 • CWE-295: Improper Certificate Validation •
CVE-2021-25631 – denylist of executable filename extensions possible to bypass under windows
https://notcve.org/view.php?id=CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. En la serie LibreOffice 7-1 en versiones anteriores a 7.1.2, y en la serie 7-0 en versiones anteriores a 7.0.5, la denylist puede ser omitida al manipular el enlace para que no coincida con la denylist pero resulte en ShellExecute intentando iniciar un tipo ejecutable. • https://positive.security/blog/url-open-rce#open-libreoffice https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631 • CWE-184: Incomplete List of Disallowed Inputs •