CVE-2024-12425

Publication date 7 January 2025

Last updated 14 January 2025

Ubuntu priority

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libreoffice	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation

Notes

mdeslaur

likely affects earlier releases than 24.8, contrary to description

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libreoffice	Upstream: https://git.libreoffice.org/core/+/383067b41647e70e0a304bddf529aacfe015099f%5E%21 Upstream: 02e3aea

CVE-2024-12425

Status

Notes

mdeslaur

Patch details

References

Other references