CVE-2024-12425
Publication date 7 January 2025
Last updated 27 January 2025
Ubuntu priority
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ”.ttf”, by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Status
Package | Ubuntu Release | Status |
---|---|---|
libreoffice | 24.10 oracular |
Fixed 4:24.8.4-0ubuntu0.24.10.2
|
24.04 LTS noble |
Fixed 4:24.2.7-0ubuntu0.24.04.2
|
|
22.04 LTS jammy |
Fixed 1:7.3.7-0ubuntu0.22.04.8
|
|
20.04 LTS focal |
Fixed 1:6.4.7-0ubuntu0.20.04.13
|
Notes
Patch details
Package | Patch details |
---|---|
libreoffice |
References
Related Ubuntu Security Notices (USN)
- USN-7228-1
- LibreOffice vulnerabilities
- 27 January 2025