Exposure of Environmental Variables in LibreOffice by The Document Foundation
CVE-2024-12426

6.7MEDIUM

Key Information:

Vendor: The Document Foundation
Status: Libreoffice
Vendor: CVE Published:; 7 January 2025

🔔 Create The Document Foundation Vulnerability Alert

What is CVE-2024-12426?

The vulnerability presents a significant risk within LibreOffice, allowing unauthorized actors to expose environmental variables and arbitrary INI file values. By exploiting this flaw, an attacker could potentially exfiltrate sensitive information to a remote server upon the opening of specially crafted documents containing URLs. This vulnerability affects versions of LibreOffice prior to 24.8.4, highlighting the importance of keeping software updated and exercising caution with document sources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibreOffice 24.8

References

https://www.libreoffice.org/about-us/security/advisories/...

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 10, 2024

Credit

Thomas Rinsma of Codean Labs

JSON

The Document Foundation

What is CVE-2024-12426?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.