LibreOffice PDF Signature Spoofing Vulnerability

Vulnerability

A vulnerability allowing PDF signature spoofing has been identified in LibreOffice versions 24.8 prior to 24.8.6 and 25.2 prior to 25.2.2. This issue arises from improper verification of cryptographic signatures, specifically in the handling of adbe.pkcs7.sha1 signatures, where invalid signatures could be incorrectly accepted as valid.

Impact

Exploitation of this vulnerability allows for the forgery of PDF signatures, with invalid signatures being accepted as legitimate.

Remediation

Users are advised to upgrade to LibreOffice versions 24.8.6 or 25.2.2.
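To find installations that still need this upgrade, the affected ranges stated above can be checked against collected version banners. The following is an added example, not part of the original advisory or of LibreOffice itself; it assumes banners shaped like the output of `soffice --version` ("LibreOffice <major>.<minor>.<micro>.<patch> <build id>"), and the host names and banner lines are constructed sample data.

```python
import re

# First fixed release per affected branch, taken from the advisory text.
FIXED_IN = {(24, 8): (24, 8, 6), (25, 2): (25, 2, 2)}

# Assumed banner shape: "LibreOffice <major>.<minor>.<micro>[.<patch>] <build id>"
BANNER_RE = re.compile(r"LibreOffice\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one banner."""
    m = BANNER_RE.search(banner)
    if m is None:
        return "unparsed"
    # Compare as integer tuples: a string compare would rank "24.8.10" below "24.8.6".
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        # The advisory names only the 24.8 and 25.2 branches; draw no conclusion here.
        return "not-listed"
    return "affected" if version < fixed else "fixed"


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


def hosts_to_upgrade(inventory):
    """Sorted list of hosts running a release in the affected ranges."""
    return sorted(h for h, s in audit(inventory).items() if s == "affected")


# Constructed sample inventory (hypothetical hosts, made-up build ids).
INVENTORY = {
    "ws-01": "LibreOffice 24.8.5.2 0000000000(Build:2)",
    "ws-02": "LibreOffice 24.8.6.2 0000000000(Build:2)",
    "ws-03": "LibreOffice 24.8.10.1 0000000000(Build:1)",
    "ws-04": "LibreOffice 25.2.1.2 0000000000(Build:2)",
    "ws-05": "LibreOffice 25.2.2.2 0000000000(Build:2)",
    "ws-06": "LibreOffice 24.2.7.2 0000000000(Build:2)",
    "ws-07": "soffice: command not found",
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` are outside what this advisory states and need a separate look rather than being treated as safe.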

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.