Описание
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before < 24.8.4.
A flaw was found in LibreOffice. This vulnerability can allow an attacker to write to arbitrary locations on the file system suffixed with ".ttf" via a specially crafted file that supports embedded font files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libreoffice | Not affected | ||
| Red Hat Enterprise Linux 7 | libreoffice | Not affected | ||
| Red Hat Enterprise Linux 8 | libreoffice | Not affected | ||
| Red Hat Enterprise Linux 9 | libreoffice | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.8 Low
CVSS3
Связанные уязвимости
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Уязвимость пакета офисных программ LibreOffice, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных
EPSS
2.8 Low
CVSS3