SB2025012779 - Ubuntu update for libreoffice 




Published: January 27, 2025

Security Bulletin ID: SB2025012779
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity: High 50%, Medium 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2024-12425)

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to an input validation error when processing documents with embedded .ttf font files. A remote attacker can create a specially crafted document, trick the victim into opening it and overwrite arbitrary files on the system, leading to remote code execution.


2) Information disclosure (CVE-ID: CVE-2024-12426)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application allows links to external websites to be created dynamically using information from environment variables or INI file values. A remote attacker can trick the victim into opening a specially crafted document and then clicking on the link in that document to gain access to potentially sensitive information.


Remediation

Install the update from the vendor's website.