LibreOffice developers have released updates that fix three vulnerabilities in LibreOffice at once. One of these bugs can be used to execute arbitrary code on vulnerable systems.

The most serious issue, CVE-2022-26305, is related to improper certificates validation when whether or not a macro is signed by a trusted creator. As a result, this leads to the execution of malicious code hidden in macros. A vulnerability (CVE-2022-26306) has also been fixed that could allow access to user configuration information, which could weaken security. The updates fix another vulnerability, CVE-2022-26307, which allows brute force of saved passwords.

The issues have been fixed in LibreOffice versions 7.2.7, 7.3.2 and 7.3.3.

Source: securitylab.ru