EUVD-2024-54624
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5Description
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Analysis
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.
Technical Context
Catdoc is a legacy document converter utility that parses OLE (Object Linking and Embedding) compound document files, a binary format used by older Microsoft Office applications (.doc, .xls, .ppt). The vulnerability resides in the FAT (File Allocation Table) parser component, which tracks data cluster allocation within OLE files. CWE-190 (Integer Overflow or Wraparound) occurs when parsing malformed FAT sector counts or allocation sizes: inadequate bounds checking allows integer arithmetic to overflow, resulting in undersized heap buffer allocations. Subsequent operations then write beyond allocated memory. The OLE specification defines specific structures (header, FAT arrays, mini FAT) where integer overflow in size calculations is feasible. CPE identifiers: cpe:2.3:a:catdoc:catdoc:0.95:*:*:*:*:*:*:* (and potentially affected in earlier/later versions pending verification).
Affected Products
- product: catdoc; version: 0.95; cpe: cpe:2.3:a:catdoc:catdoc:0.95:*:*:*:*:*:*:*; description: Confirmed vulnerable version. Version history prior to 0.95 and any versions after should be checked for backport applicability.
Remediation
Upgrade catdoc beyond version 0.95. Consult upstream repository (github.com/vkartavenko/catdoc or original source) for patched version. As of this CVE's publication date (2024), version availability should be confirmed from official sources.; priority: Critical for production systems processing untrusted documents Workaround: If upgrade is not immediately feasible: (1) Restrict catdoc processing to trusted, pre-validated OLE files; (2) Implement file validation using external tools (e.g., olefile Python library) to sanity-check FAT structures before passing to catdoc; (3) Run catdoc in sandboxed environment (container, VM, SELinux confinement) to contain memory corruption fallout.; priority: Temporary mitigation Detection: Monitor for crashes or unexpected behavior in catdoc processes. Implement input validation: reject OLE files with suspicious FAT sector counts or sizes that deviate significantly from specification.; priority: Ongoing
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
Bug #1107168| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:0.95-4.1+deb11u1 | - |
| bullseye (security) | fixed | 1:0.95-4.1+deb11u1 | - |
| bookworm, bookworm (security) | fixed | 1:0.95-6~deb12u1 | - |
| forky, sid, trixie | fixed | 1:0.95-6 | - |
| bookworm | fixed | 1:0.95-6~deb12u1 | - |
| (unstable) | fixed | 1:0.95-6 | - |
Share
External POC / Exploit Code
Leaving vuln.today