Monday, November 28, 2022

LibreOffice Releases Software Update to Patch 3 New Vulnerabilities

The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems.

Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of rogue code packaged within the macros.


“An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted,” LibreOffice said in an advisory.
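The trust check described above, shown next to a stricter one, as an added example (not LibreOffice's code). The `Cert` and `TrustedAuthor` records, the stand-in certificate bytes and the SHA-256 fingerprint comparison are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str   # issuer string shown to the user
    serial: int   # serial number assigned by the issuer
    der: bytes    # full encoded certificate (constructed stand-in bytes here)

    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()


@dataclass(frozen=True)
class TrustedAuthor:
    issuer: str
    serial: int
    fingerprint: str  # recorded when the user marked the author as trusted


def is_trusted_weak(cert, trusted):
    # Flawed check: both fields can be copied into an unrelated certificate.
    return any(t.issuer == cert.issuer and t.serial == cert.serial for t in trusted)


def is_trusted_strict(cert, trusted):
    # Stricter check: the whole certificate must match the trusted record.
    return any(t.fingerprint == cert.fingerprint() for t in trusted)


def classify(cert, trusted):
    # "lookalike" = same issuer and serial as a trusted author, different certificate.
    if is_trusted_strict(cert, trusted):
        return "trusted"
    return "lookalike" if is_trusted_weak(cert, trusted) else "unknown"


# Constructed sample data: three certificates and one trusted-author entry.
GENUINE = Cert("CN=Example CA", 4660, b"constructed-der-genuine")
LOOKALIKE = Cert("CN=Example CA", 4660, b"constructed-der-other-key")
STRANGER = Cert("CN=Other CA", 7, b"constructed-der-stranger")
TRUSTED = [TrustedAuthor(GENUINE.issuer, GENUINE.serial, GENUINE.fingerprint())]

if __name__ == "__main__":
    for name, cert in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("stranger", STRANGER)]:
        print(name, is_trusted_weak(cert, TRUSTED), classify(cert, TRUSTED))
```

A certificate that classifies as "lookalike" is worth logging: it passes the issuer-and-serial comparison while failing the full-certificate one.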

Also resolved is the use of a static initialization vector (IV) during encryption (CVE-2022-26306) that could have weakened the security should a bad actor have access to the user’s configuration information.

Lastly, the updates also resolve CVE-2022-26307, wherein the master key was poorly encoded, rendering the stored passwords susceptible to a brute-force attack if an adversary is in possession of the user configuration.


The three vulnerabilities, which were reported by OpenSource Security GmbH on behalf of the German Federal Office for Information Security, have been addressed in LibreOffice versions 7.2.7, 7.3.2, and 7.3.3.

The patches come five months after the Document Foundation fixed another improper certificate validation bug (CVE-2021-25636) in February 2022. Last October, three spoofing flaws were patched that could be abused to alter documents to make them appear as if they are digitally signed by a trusted source.


