CVE-2024-12425

Low CVSS: 2.4

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.

An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.

This issue affects LibreOffice: from 24.8 before < 24.8.4.

Vendor

Libreoffice

Product

Libreoffice

CWE

CWE-22

Yayın Tarihi

2025-01-07 12:15:24

Güncelleme

2025-12-08 18:38:59

Source Identifier

security@documentfoundation.org

KEV Date Added

Kategoriler

CWE-22 Libreoffice LOW Libreoffice 2025

Referanslar

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425 https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html

Benzer Kayıtlar

Low

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the T…

Low

CVE-2025-2866

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper…

Medium

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with…

High

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An addit…

High

CVE-2025-0514

Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targ…

Medium

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document…