Catdoc
Monthly
Integer underflow vulnerability in catdoc 0.95's OLE Document DIFAT (Double-Indirect File Allocation Table) Parser that enables heap-based memory corruption through specially crafted malformed files. An attacker can exploit this local vulnerability (no privileges required) by providing a malicious OLE document to trigger the integer underflow, potentially achieving arbitrary code execution or denial of service. While no active KEV status or widespread POC is confirmed in this dataset, the CVSS 8.4 score and high impact ratings (confidentiality, integrity, availability all marked 'H') indicate this is a critical local code execution risk for users who process untrusted OLE documents.
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.
Integer underflow vulnerability in catdoc 0.95's OLE Document DIFAT (Double-Indirect File Allocation Table) Parser that enables heap-based memory corruption through specially crafted malformed files. An attacker can exploit this local vulnerability (no privileges required) by providing a malicious OLE document to trigger the integer underflow, potentially achieving arbitrary code execution or denial of service. While no active KEV status or widespread POC is confirmed in this dataset, the CVSS 8.4 score and high impact ratings (confidentiality, integrity, availability all marked 'H') indicate this is a critical local code execution risk for users who process untrusted OLE documents.
CVE-2024-52035 is an integer overflow vulnerability in catdoc 0.95's OLE Document File Allocation Table (FAT) parser that enables heap-based memory corruption when processing malformed files. The vulnerability affects users of catdoc 0.95 who process untrusted OLE documents (Microsoft Office legacy formats), allowing local attackers to corrupt heap memory and potentially achieve code execution. No active KEV status or widespread exploitation has been reported; however, the high CVSS score (8.4) and local attack vector indicate moderate real-world risk for environments processing user-supplied documents.