Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
AnalysisAI
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.
Technical ContextAI
Catdoc is a legacy document converter utility that parses OLE (Object Linking and Embedding) compound document files, a binary format used by older Microsoft Office applications (.doc, .xls, .ppt). The vulnerability resides in the FAT (File Allocation Table) parser component, which tracks data cluster allocation within OLE files. CWE-190 (Integer Overflow or Wraparound) occurs when parsing malformed FAT sector counts or allocation sizes: inadequate bounds checking allows integer arithmetic to overflow, resulting in undersized heap buffer allocations. Subsequent operations then write beyond allocated memory. The OLE specification defines specific structures (header, FAT arrays, mini FAT) where integer overflow in size calculations is feasible. CPE identifiers: cpe:2.3:a:catdoc:catdoc:0.95:*:*:*:*:*:*:* (and potentially affected in earlier/later versions pending verification).
RemediationAI
Upgrade catdoc beyond version 0.95. Consult upstream repository (github.com/vkartavenko/catdoc or original source) for patched version. As of this CVE's publication date (2024), version availability should be confirmed from official sources.; priority: Critical for production systems processing untrusted documents Workaround: If upgrade is not immediately feasible: (1) Restrict catdoc processing to trusted, pre-validated OLE files; (2) Implement file validation using external tools (e.g., olefile Python library) to sanity-check FAT structures before passing to catdoc; (3) Run catdoc in sandboxed environment (container, VM, SELinux confinement) to contain memory corruption fallout.; priority: Temporary mitigation Detection: Monitor for crashes or unexpected behavior in catdoc processes. Implement input validation: reject OLE files with suspicious FAT sector counts or sizes that deviate significantly from specification.; priority: Ongoing
More in Debian Linux
View allRoundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain
Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
Bug #1107168| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:0.95-4.1+deb11u1 | - |
| bullseye (security) | fixed | 1:0.95-4.1+deb11u1 | - |
| bookworm, bookworm (security) | fixed | 1:0.95-6~deb12u1 | - |
| forky, sid, trixie | fixed | 1:0.95-6 | - |
| bookworm | fixed | 1:0.95-6~deb12u1 | - |
| (unstable) | fixed | 1:0.95-6 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54624