Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents

LibreOffice and OpenOffice have released fixes to tackle an issue that allows hackers to make documents look as if they were signed by a trustworthy source.

Even though the vulnerability is not placed in the ‘High’ severity category being rated as moderate, the consequences could be disastrous. The digital signatures used in document macros are intended to assist the user in determining whether or not a document has been modified and can be trustworthy.

Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code.


Ruhr University Bochum’s cybersecurity researchers were the first to notice this vulnerability in OpenOffice, which has been tracked as  CVE-2021-41832. The same issue affects LibreOffice, a project fork of OpenOffice that originated from the main project over ten years ago and is recorded as CVE-2021-25635 for their project.

Taking Care of The Issue

Those using at least one of the open-source office suites are recommended to update to the most recent version as quickly as possible.

For OpenOffice – 4.1.10 and later For LibreOffice – 7.0.5 or 7.1.1 and later

Users will have to do the updates manually by

Read More: https://heimdalsecurity.com/blog/flaw-impacting-libreoffice-openoffice-enables-attackers-to-spoof-signed-documents/