Vulnerability Details : CVE-2022-26305

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate. An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1.
Vulnerability category: Execute code
Published 2022-07-25 15:15:09
Updated 2023-03-26 23:15:07
Source Document Foundation, The
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-26305

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-26305

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
7.5
 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1.6
5.9
 nvd@nist.gov

CWE ids for CVE-2022-26305

References for CVE-2022-26305

Products affected by CVE-2022-26305

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close