Описание
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4:24.8.4~rc2-0ubuntu1 |
| esm-infra/focal | not-affected | 1:6.4.7-0ubuntu0.20.04.13 |
| focal | released | 1:6.4.7-0ubuntu0.20.04.13 |
| jammy | released | 1:7.3.7-0ubuntu0.22.04.8 |
| noble | released | 4:24.2.7-0ubuntu0.24.04.2 |
| oracular | released | 4:24.8.4-0ubuntu0.24.10.2 |
| upstream | released | 24.8.4 |
Показывать по
EPSS
Связанные уязвимости
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Уязвимость пакета офисных программ LibreOffice, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных
EPSS