Information disclosure in LibreOffice - CVE-2024-12426

 


Published: January 7, 2025


Vulnerability identifier: #VU102417
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-12426
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LibreOffice
Affected software:
LibreOffice

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application allows links to external websites to be created dynamically using information from environment variables or INI file values. A remote attacker can trick the victim into opening a specially crafted document and then clicking on the link in that document to gain access to potentially sensitive information.


How to mitigate CVE-2024-12426

Install updates from the vendor's website.
