Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Published

2025-01-07T13:15:07.210

Last Modified

2025-12-08T18:35:10.530

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libreoffice	libreoffice	< 24.8.4	Yes
Application	libreoffice	libreoffice	24.8.0.0	Yes
Application	libreoffice	libreoffice	24.8.0.0	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426 Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)