{"id":"CVE-2024-12425","details":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.4.","modified":"2026-04-16T04:41:58.225312814Z","published":"2025-01-07T12:15:24.183Z","references":[{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libreoffice/core","events":[{"introduced":"0"},{"last_affected":"a17e39caaf73108bee692d6f64a44c62f4066f1d"},{"introduced":"0"},{"last_affected":"318462181c709ed29c01eb3239b4d600d7b82ecc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"24.8.0.0-alpha1"},{"introduced":"0"},{"last_affected":"24.8.0.0-beta1"}]}}],"versions":["MELD_LIBREOFFICE_REPOS","gpg4libre-review-5.4.99","libreoffice-24-2-branch-point","libreoffice-24-8-branch-point","libreoffice-24.8.0.0.alpha1","libreoffice-24.8.0.0.beta1","libreoffice-3-5-branch-point","libreoffice-3-6-branch-point","libreoffice-3.5.0.0","libreoffice-4-0-branch-point","libreoffice-4-1-branch-point","libreoffice-4-2-branch-point","libreoffice-4-2-milestone-1","libreoffice-4-3-branch-point","libreoffice-4-4-branch-point","libreoffice-5-0-branch-point","libreoffice-5-1-branch-point","libreoffice-5-2-branch-point","libreoffice-5-3-branch-point","libreoffice-5-4-branch-point","libreoffice-6-0-branch-point","libreoffice-6-1-branch-point","libreoffice-6-2-branch-point","libreoffice-6-3-branch-point","libreoffice-6-4-branch-point","libreoffice-7-0-branch-point","libreoffice-7-1-branch-point","libreoffice-7-2-branch-point","libreoffice-7-3-branch-point","libreoffice-7-4-branch-point","libreoffice-7-5-branch-point","libreoffice-7-6-branch-point","sdremote-2.0.0","windows_build_successful_2011_11_08"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12425.json","unresolved_ranges":[{"events":[{"introduced":"24.8.0.1"},{"fixed":"24.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}