CVE-2024-12426

Name	CVE-2024-12426
Description	Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4020-1, DSA-5846-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libreoffice (PTS)	bullseye	1:7.0.4-4+deb11u10	vulnerable
	bullseye (security)	1:7.0.4-4+deb11u12	fixed
	bookworm	4:7.4.7-1+deb12u5	vulnerable
	bookworm (security)	4:7.4.7-1+deb12u6	fixed
	trixie	4:24.8.4-1	fixed
	sid	4:24.8.4-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
libreoffice	source	bullseye	1:7.0.4-4+deb11u12	DLA-4020-1
libreoffice	source	bookworm	4:7.4.7-1+deb12u6	DSA-5846-1
libreoffice	source	(unstable)	4:24.8.4-1

Notes

https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426
[1/2] https://gerrit.libreoffice.org/c/core/+/176797
[2/2] https://gerrit.libreoffice.org/c/core/+/177987
Fixed by commit [1/2] https://git.libreoffice.org/core/+/d6c89af2598e866aa9cb4fa3600691fb558befdb%5E%21 (libreoffice-24.8.4.1)
Fixed by commit [2/2] https://git.libreoffice.org/core/+/b63aa51c55244ee67410201fa5e7c003427b1009%5E%21 (libreoffice-24.8.4.1)
Fixed by commit [1/2] https://github.com/LibreOffice/core/commit/a22d185ef7d141676e8a4db15471bfe6d283cb8c (distro/cib/libreoffice-6-4)
Fixed by commit [2/2] https://github.com/LibreOffice/core/commit/4915889ab56bc946264c257391ba6eeedfdfad95 (distro/cib/libreoffice-6-4)