Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory.

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The     Document Foundation LibreOffice allows Absolute Path Traversal.



    An attacker can write to arbitrary locations, albeit suffixed with .ttf, by supplying a file in a format     that supports embedded font files.

    This issue affects LibreOffice: from 24.8 before < 24.8.4. (CVE-2024-12425)

    Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability     in The Document Foundation LibreOffice.



    URLs could be constructed which expanded environmental variables or INI file values, so potentially     sensitive information could be exfiltrated to a remote server on opening a document containing such links.

    This issue affects LibreOffice: from 24.8 before < 24.8.4. (CVE-2024-12426)

    Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker     to create a document which without prompt will execute scripts built-into LibreOffice on clicking a     graphic. Such scripts were previously deemed trusted but are now deemed untrusted. (CVE-2024-3044)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7228-1 advisory.

    Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files.
    If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote     attacker could possibly use this issue to create arbitrary files ending with .ttf. (CVE-2024-12425)

    Thomas Rinsma discovered that LibreOffice incorrectly handled certain environment variables and INI file     values. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a     remote attacker could possibly use this issue to exfiltrate sensitive information. (CVE-2024-12426)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5846 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5846-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     January 19, 2025                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : libreoffice     CVE ID         : CVE-2024-12425 CVE-2024-12426

    Thomas Rinsma discovered two security vulnerabilities in LibreOffice,     which could result in information disclosure or overwriting of files when     opening malformed documents.

    For the stable distribution (bookworm), these problems have been fixed in     version 4:7.4.7-1+deb12u6.

    We recommend that you upgrade your libreoffice packages.

    For the detailed security status of libreoffice please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libreoffice

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4020 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4020-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     January 19, 2025                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : libreoffice     Version        : 1:7.0.4-4+deb11u12     CVE ID         : CVE-2024-12425 CVE-2024-12426

    Libreoffice an office productivity software suite,     was affected by two vulnerabilities

    CVE-2024-12425

        Improper Limitation of a Pathname to a Restricted Directory         ('Path Traversal') vulnerability allows Absolute Path Traversal.
        An attacker can write to arbitrary locations, albeit suffixed         with .ttf, by supplying a file in a format that supports         embedded font files

    CVE-2024-12426

        Exposure of Environmental Variables and arbitrary INI file values         to an Unauthorized Actor vulnerability.
        URLs could be constructed which expanded environmental variables         or INI file values, so potentially sensitive information could         be exfiltrated to a remote server on opening a document         containing such links.

    For Debian 11 bullseye, these problems have been fixed in version     1:7.0.4-4+deb11u12.

    We recommend that you upgrade your libreoffice packages.

    For the detailed security status of libreoffice please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libreoffice

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of LibreOffice installed on the remote host is prior to 24.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory.

  - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document     Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit     suffixed with '.ttf', by supplying a file in a format that supports embedded font files. (CVE-2024-12425)

  - Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in     The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI     file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document     containing such links. (CVE-2024-12426)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
234987	Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)	Nessus	Amazon Linux Local Security Checks	medium
214671	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : LibreOffice vulnerabilities (USN-7228-1)	Nessus	Ubuntu Local Security Checks	medium
214390	Debian dsa-5846 : fonts-opensymbol - security update	Nessus	Debian Local Security Checks	medium
214388	Debian dla-4020 : fonts-opensymbol - security update	Nessus	Debian Local Security Checks	medium
214314	LibreOffice 24.8.x < 24.8.4 Multiple vulnerabilities	Nessus	Misc.	medium

Detections

Analytics

CVE-2024-12425

low

Tenable Plugins

medium

medium

medium

medium

medium