CVE-2024-12425Path Traversal in Document Foundation Libreoffice

CWE-22Path Traversal8 documents7 sources
Severity
2.4LOWNVD
EPSS
0.4%
top 38.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Document Foundation LibreofficeLibreofficeDebian Linux
Timeline
PublishedJan 7
Latest updateJan 27

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5the_document_foundation/libreoffice24.8< 24.8.4
NVDlibreoffice/libreoffice24.8.0.124.8.4+1
Debianlibreoffice/libreoffice< 1:7.0.4-4+deb11u12+3
Ubuntulibreoffice/libreoffice< 1:6.4.7-0ubuntu0.20.04.13+2

Also affects: Debian Linux 11.0

🔴Vulnerability Details

4
OSV
libreoffice vulnerabilities2025-01-27
OSV
CVE-2024-12425: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Pa2025-01-07
CVEList
Path traversal leading to arbitrary .ttf file write2025-01-07
GHSA
GHSA-6x53-588x-53g2: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Pa2025-01-07

📋Vendor Advisories

3
Ubuntu
LibreOffice vulnerabilities2025-01-27
Red Hat
LibreOffice: Path traversal leading to arbitrary .ttf file write2025-01-07
Debian
CVE-2024-12425: libreoffice - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v...2024
CVE-2024-12425 — Path Traversal | cvebase