CVE-2024-52035: Integer Overflow or Wraparound in Catdoc

Severity

NVD: 7.8 HIGH
CNA: 8.4
EPSS: 0.2% (top 61.71%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Jun 2
Latest update: Jun 11

Description

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: catdoc/catdoc < 1:0.95-4.1+deb11u1+3
CVEListV5: catdoc/catdoc 0.95
NVD: fossies/catdoc 0.95

Also affects: Debian Linux 11.0

🔴 Vulnerability Details (3)

GHSA: GHSA-vpgx-c322-qgw5: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0 (2025-06-02)
OSV: CVE-2024-52035: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0 (2025-06-02)
CVEList: CVE-2024-52035: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0 (2025-06-02)

📋 Vendor Advisories (1)

Debian: CVE-2024-52035: catdoc - An integer overflow vulnerability exists in the OLE Document File Allocation Tab... (2024)

🕵️ Threat Intelligence (2)

Talos: catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities (2025-06-11)
Talos: catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities (2025-06-11)