Vulnerability CVE-2024-12425: Information

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Published: Jan. 7, 2025
Modified: Jan. 7, 2025

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
LibreOffice-stillsisyphus24.8.4.2-alt124.8.4.2-alt1ALT-PU-2025-2236-2372289Fixed
LibreOffice-stillsisyphus_loongarch6424.8.4.2-alt124.8.4.2-alt1ALT-PU-2025-2292-1-Fixed
LibreOffice-stillc10f224.8.4.2-alt0.c10.124.8.4.2-alt0.c10.1ALT-PU-2025-2268-2372880Fixed
LibreOffice-stillp1124.8.4.2-alt124.8.4.2-alt1ALT-PU-2025-2262-2372879Fixed

References to Advisories, Solutions, and Tools