Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Published

2025-01-07T12:15:24.183

Last Modified

2025-12-08T18:38:59.543

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libreoffice	libreoffice	< 24.8.4	Yes
Application	libreoffice	libreoffice	24.8.0.0	Yes
Application	libreoffice	libreoffice	24.8.0.0	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425 Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)