CVE-2022-26305

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-26305
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-07-25 15:15:00 UTC
Updated2023-03-26 23:15:00 UTC
DescriptionAn Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.

Risk And Classification

Problem Types: CWE-295

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Libreoffice Libreoffice All All All All

References

ReferenceSourceLinkTags
CVE-2022-26305 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft MISC www.libreoffice.org
[SECURITY] [DLA 3368-1] libreoffice security update MLIST lists.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160398 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-0089)
  • 160422 Oracle Enterprise Linux Security Update for libreoffice (ELSA-2023-0304)
  • 181005 Debian Security Update for libreoffice (CVE-2022-26305)
  • 181639 Debian Security Update for libreoffice (DLA 3368-1)
  • 198976 Ubuntu Security Notification for LibreOffice Vulnerabilities (USN-5661-1)
  • 199000 Ubuntu Security Notification for LibreOffice Vulnerabilities (USN-5694-1)
  • 241056 Red Hat Update for libreoffice (RHSA-2023:0089)
  • 241115 Red Hat Update for libreoffice (RHSA-2023:0304)
  • 376799 LibreOffice Improper Certificate Validation Vulnerability
  • 502565 Alpine Linux Security Update for libreoffice
  • 502588 Alpine Linux Security Update for libreoffice
  • 752680 SUSE Enterprise Linux Security Update for libreoffice (SUSE-SU-2022:3602-1)
  • 753136 SUSE Enterprise Linux Security Update for libreoffice (SUSE-SU-2022:3650-1)
  • 940875 AlmaLinux Security Update for libreoffice (ALSA-2023:0089)
  • 940908 AlmaLinux Security Update for libreoffice (ALSA-2023:0304)
  • 960556 Rocky Linux Security Update for libreoffice (RLSA-2023:0304)
  • 960559 Rocky Linux Security Update for libreoffice (RLSA-2023:0089)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report