Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

[SECURITY] [DLA 4020-1] libreoffice security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4020-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 19, 2025 https://wiki.debian.org/LTS -...

CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

PT-2024-10221 · Document Foundation +5 · Libreoffice +5

Name of the Vulnerable Software and Affected Versions: LibreOffice versions 24.8 through 24.8.3 Description: The issue is related to the exposure of environmental variables and arbitrary INI file values to an unauthorized actor. URLs could be constructed to expand these variables, potentially...