certfr_avis - CERTFR-2025-AVI-0006

CERTFR-2025-AVI-0006

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans LibreOffice. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Libreoffice	LibreOffice	LibreOffice versions antérieures à 24.8.4

References

Title

Publication Time

Tags

Bulletin de sécurité LibreOffice cve-2024-12426	2025-01-07	vendor-advisory
Bulletin de sécurité LibreOffice cve-2024-12425	2025-01-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "LibreOffice versions ant\u00e9rieures \u00e0 24.8.4",
      "product": {
        "name": "LibreOffice",
        "vendor": {
          "name": "Libreoffice",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-12425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12425"
    },
    {
      "name": "CVE-2024-12426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12426"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0006",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans LibreOffice. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans LibreOffice",
  "vendor_advisories": [
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 LibreOffice cve-2024-12426",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426/"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 LibreOffice cve-2024-12425",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/"
    }
  ]
}

CVE-2024-12426 (GCVE-0-2024-12426)

Vulnerability from cvelistv5 – Published: 2025-01-07 12:22 – Updated: 2025-11-03 20:36

Summary

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Severity ?

6.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

Document Fdn.

References

URL

Tags

https://www.libreoffice.org/about-us/security/adv…

Impacted products

	Vendor	Product	Version
	The Document Foundation	LibreOffice	Affected: 24.8 , < < 24.8.4 (24.8 series)

Credits

Thomas Rinsma of Codean Labs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-07T14:38:29.579414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-07T14:38:34.076Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:39.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LibreOffice",
          "vendor": "The Document Foundation",
          "versions": [
            {
              "lessThan": "\u003c 24.8.4",
              "status": "affected",
              "version": "24.8",
              "versionType": "24.8 series"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Thomas Rinsma of Codean Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eExposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eURLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.4.\u003c/p\u003e"
            }
          ],
          "value": "Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.\n\n\n\n\nURLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-13",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-13 Subverting Environment Variable Values"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-07T12:22:32.991Z",
        "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
        "shortName": "Document Fdn."
      },
      "references": [
        {
          "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "URL fetching can be used to exfiltrate arbitrary INI file values and environment variables",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
    "assignerShortName": "Document Fdn.",
    "cveId": "CVE-2024-12426",
    "datePublished": "2025-01-07T12:22:32.991Z",
    "dateReserved": "2024-12-10T16:37:23.376Z",
    "dateUpdated": "2025-11-03T20:36:39.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-12425 (GCVE-0-2024-12425)

Vulnerability from cvelistv5 – Published: 2025-01-07 11:15 – Updated: 2025-11-03 20:36

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.

Severity ?

2.4 (Low)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

Document Fdn.

References

URL

Tags

https://www.libreoffice.org/about-us/security/adv…

Impacted products

	Vendor	Product	Version
	The Document Foundation	LibreOffice	Affected: 24.8 , < < 24.8.4 (24.8 series)

Credits

Thomas Rinsma of Codean Labs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-07T14:16:49.139137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-07T14:17:01.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:38.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LibreOffice",
          "vendor": "The Document Foundation",
          "versions": [
            {
              "lessThan": "\u003c 24.8.4",
              "status": "affected",
              "version": "24.8",
              "versionType": "24.8 series"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Thomas Rinsma of Codean Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eImproper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects LibreOffice: from 24.8 before \u0026lt; 24.8.4.\u003c/p\u003e"
            }
          ],
          "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.\n\n\n\n\nAn attacker can write to arbitrary locations, albeit suffixed with \".ttf\", by supplying a file in a format that supports embedded font files.\n\n\nThis issue affects LibreOffice: from 24.8 before \u003c 24.8.4."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-597",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-597 Absolute Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-07T11:15:08.251Z",
        "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
        "shortName": "Document Fdn."
      },
      "references": [
        {
          "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Path traversal leading to arbitrary .ttf file write",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2",
    "assignerShortName": "Document Fdn.",
    "cveId": "CVE-2024-12425",
    "datePublished": "2025-01-07T11:15:08.251Z",
    "dateReserved": "2024-12-10T16:37:20.903Z",
    "dateUpdated": "2025-11-03T20:36:38.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-0006

Solutions

CVE-2024-12426 (GCVE-0-2024-12426)

CVE-2024-12425 (GCVE-0-2024-12425)

Tags

Sightings

Nomenclature