Vulnerability Details CVE-2024-12425
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before < 24.8.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v3 Score 3.3
References
Products affected by CVE-2024-12425
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.0
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.2
-
cpe:2.3:a:libreoffice:libreoffice:24.8.0.3
-
cpe:2.3:a:libreoffice:libreoffice:24.8.1.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.1.2
-
cpe:2.3:a:libreoffice:libreoffice:24.8.2.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.3.1
-
cpe:2.3:a:libreoffice:libreoffice:24.8.3.2
-
cpe:2.3:o:debian:debian_linux:11.0