Debian LTS: DLA-4205-1 moderate: libreoffice PDF signature spoofing
debian lts
June 1, 2025
Multiple vulnerabilities were discovered in Libreoffice, an office productivity software suite
Topics Covered
Summary
CVE-2025-1080
LibreOffice supports Office URI Schemes to enable browser
integration of LibreOffice with MS SharePoint server. An additional
scheme 'vnd.libreoffice.command' specific to LibreOffice was added.
In the affected versions of LibreOffice a link in a browser using
that scheme could be constructed with an embedded inner URL that
when passed to LibreOffice could call internal macros with arbitrary
arguments.
CVE-2025-2866
LibreOffice allows PDF Signature Spoofing by Improper Validation. In
the affected versions of LibreOffice a flaw in the verification code
for adbe.pkcs7.sha1 signatures could cause invalid signatures to be
accepted as valid
For Debian 11 bullseye, these problems have been fixed in version
1:7.0.4-4+deb11u13.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libreoffice
PREVIOUS
NEXT
Package: libreoffice
Version: 1:7.0.4-4+deb11u13
CVE ID: CVE-2025-1080 CVE-2025-2866
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!