CVE-2017-11110Out-of-bounds Write in Catdoc

CWE-787Out-of-bounds Write7 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 57.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
CatdocDebian CatdocFossies Catdoc
Timeline
PublishedJul 8
Latest updateMay 13

Description

The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/catdoc< catdoc 1:0.95-3 (bookworm)
Debiancatdoc/catdoc< 1:0.95-3+3
NVDfossies/catdoc0.95

🔴Vulnerability Details

2
GHSA
GHSA-63c4-r8fh-c85j: The ole_init function in ole2022-05-13
OSV
CVE-2017-11110: The ole_init function in ole2017-07-08

📋Vendor Advisories

1
Debian
CVE-2017-11110: catdoc - The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a...2017

💬Community

3
Bugzilla
CVE-2017-11110 catdoc: Heap buffer overflow in the ole_init function2017-07-19
Bugzilla
CVE-2017-11110 catdoc: Heap buffer overflow in the ole_init function [fedora-all]2017-07-19
Bugzilla
CVE-2017-11110 catdoc: Heap buffer overflow in the ole_init function [epel-all]2017-07-19
CVE-2017-11110 — Out-of-bounds Write in Debian Catdoc | cvebase