CVE-2024-54028

EUVD-2024-54622
Severity: HIGH (CVSS 3.1 base score 8.4)
Published: 2025-06-02

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High

Lifecycle Timeline

- Patch Released: Mar 31, 2026 - 21:13 (nvd). Patch available
- EUVD ID Assigned: Mar 14, 2026 - 16:47 (euvd). EUVD-2024-54622
- Analysis Generated: Mar 14, 2026 - 16:47 (vuln.today)
- PoC Detected: Feb 18, 2026 - 14:42 (vuln.today). Public exploit code
- CVE Published: Jun 02, 2025 - 15:15 (nvd). HIGH 8.4

Description

An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Analysis

An integer underflow in the OLE Document DIFAT (Double-Indirect File Allocation Table) parser of catdoc 0.95 enables heap-based memory corruption through specially crafted malformed files. The attack vector is local and requires no privileges: an attacker provides a malicious OLE document that triggers the underflow, potentially achieving arbitrary code execution or denial of service. While no active KEV status or widespread PoC is confirmed in this dataset, the CVSS 8.4 score and high impact ratings (confidentiality, integrity and availability all marked 'H') indicate this is a critical local code execution risk for users who process untrusted OLE documents.

Technical Context

The vulnerability exists in catdoc's implementation of the OLE Compound Document Format parser, specifically in DIFAT (Double-Indirect FAT) sector chain processing. The DIFAT structure is a critical component of the OLE file format used by legacy Microsoft Office documents and other applications. The integer underflow (CWE-191) occurs when parsing sector counts or offsets in DIFAT chains, likely during size calculations where an attacker-controlled value is subtracted from another, causing the result to wrap around to a large positive value. This leads to out-of-bounds heap memory access when the parser allocates or reads buffers based on the underflowed value. catdoc is a utility designed to extract text from OLE documents (primarily Microsoft Office .doc files), which makes it a common component of document processing pipelines and therefore a target. Affected CPE likely includes: cpe:2.3:a:vova:catdoc:0.95:*:*:*:*:*:*:* (and potentially earlier versions, depending on when the vulnerability was introduced).
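An added illustration of the CWE-191 pattern described above, showing an unchecked unsigned subtraction beside a checked form that validates header counts before any allocation. This is not catdoc's code and the page does not identify which expression underflows; the function names are hypothetical, while the header offsets and the 109-entry header DIFAT are taken from the Compound File Binary format.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration, not catdoc source; all function names are hypothetical. */
#define HDR_DIFAT_ENTRIES 109u /* DIFAT slots stored inside the 512-byte header */

/* Little-endian 32-bit read; caller guarantees off + 4 <= buffer length. */
static uint32_t rd32(const uint8_t *p, size_t off) {
    return (uint32_t)p[off] | (uint32_t)p[off + 1] << 8 |
           (uint32_t)p[off + 2] << 16 | (uint32_t)p[off + 3] << 24;
}

/* Unsafe pattern: unsigned subtraction wraps to a huge value when num_fat < 109. */
uint32_t extra_fat_unchecked(uint32_t num_fat) {
    return num_fat - HDR_DIFAT_ENTRIES;
}

/* Checked form: DIFAT sectors needed beyond the header; -1 on a bad sector size. */
int difat_sectors_needed(uint32_t num_fat, uint32_t sector_size, uint32_t *out) {
    if (sector_size < 512 || sector_size % 4 != 0) return -1;
    uint32_t per_sector = sector_size / 4 - 1; /* last slot chains to the next DIFAT sector */
    if (num_fat <= HDR_DIFAT_ENTRIES) { *out = 0; return 0; }
    uint32_t extra = num_fat - HDR_DIFAT_ENTRIES; /* safe: guarded by the test above */
    *out = extra / per_sector + (extra % per_sector != 0);
    return 0;
}

/* Reject headers whose counts cannot fit the file. hdr = first 512 bytes of the file.
 * Returns 1 if the FAT/DIFAT counts are plausible, 0 otherwise. */
int cfb_header_counts_ok(const uint8_t *hdr, size_t file_len) {
    if (file_len < 512) return 0;
    uint16_t shift = (uint16_t)(hdr[0x1E] | hdr[0x1F] << 8); /* sector shift */
    if (shift != 9 && shift != 12) return 0;
    uint32_t ssz = 1u << shift;
    uint32_t num_fat = rd32(hdr, 0x2C);   /* number of FAT sectors */
    uint32_t num_difat = rd32(hdr, 0x48); /* number of DIFAT sectors */
    uint32_t need;
    uint64_t max_sectors = (file_len - 512) / ssz; /* upper bound on sectors in file */
    if (num_fat > max_sectors || num_difat > max_sectors) return 0;
    if (difat_sectors_needed(num_fat, ssz, &need) != 0) return 0;
    return num_difat >= need; /* declared DIFAT chain must be able to hold every FAT entry */
}
```

The same bound-before-subtract rule applies to every count or offset read from the file, not only the two header fields checked here.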

Affected Products

- product: catdoc; vendor: Vova; affected_version: 0.95; cpe: cpe:2.3:a:vova:catdoc:0.95:*:*:*:*:*:*:*; notes: The vulnerability specifically affects the OLE Document DIFAT Parser; earlier versions should be tested for the same flaw but are not explicitly confirmed affected in the provided description.

Priority Score

62
KEV: 0
EPSS: +0.1
CVSS: +42
POC: +20

Vendor Status

Ubuntu

Priority: Medium
Package: catdoc

| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |

Debian

Bug #1107168
Package: catdoc

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:0.95-4.1+deb11u1 | - |
| bullseye (security) | fixed | 1:0.95-4.1+deb11u1 | - |
| bookworm, bookworm (security) | fixed | 1:0.95-6~deb12u1 | - |
| forky, sid, trixie | fixed | 1:0.95-6 | - |
| bookworm | fixed | 1:0.95-6~deb12u1 | - |
| (unstable) | fixed | 1:0.95-6 | - |
