Vulnerability CVE-2024-12425: Information
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
LibreOffice-still | sisyphus | 24.8.4.2-alt1 | 24.8.4.2-alt1 | ALT-PU-2025-2236-2 | 372289 | Fixed |
LibreOffice-still | sisyphus_loongarch64 | 24.8.4.2-alt1 | 24.8.4.2-alt1 | ALT-PU-2025-2292-1 | - | Fixed |
LibreOffice-still | c10f2 | 24.8.4.2-alt0.c10.1 | 24.8.4.2-alt0.c10.1 | ALT-PU-2025-2268-2 | 372880 | Fixed |
LibreOffice-still | p11 | 24.8.4.2-alt1 | 24.8.4.2-alt1 | ALT-PU-2025-2262-2 | 372879 | Fixed |