CVE-2024-12425 Information

Description

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.

An attacker can write to arbitrary locations albeit suffixed with .ttf\ by supplying a file in a format that supports embedded font files.

This issue affects LibreOffice: from 24.8 before < 24.8.4.

Reference

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425