Primary

Context

LibreOffice Path Traversal Vulnerability Allowing Arbitrary .ttf File Write

Vulnerability

Patched

A path traversal vulnerability has been identified in LibreOffice versions 24.8 prior to 24.8.4, allowing for absolute path traversal. This vulnerability enables an attacker to write to arbitrary locations, provided the locations are accessible for writing, by embedding a file in a format that supports embedded fonts. The written files are always suffixed with '.ttf'.

Impact

Exploitation of this vulnerability could lead to unauthorized writing of files with a '.ttf' extension to locations accessible by the user.

Remediation

Users are advised to upgrade to LibreOffice version 24.8.4 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LibreOffice Path Traversal Vulnerability Allowing Arbitrary .ttf File Write

Vulnerability

Impact

Remediation

Affected Products

The Document Foundation LibreOffice

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating