CVE-2024-52035
published 2025-06-02CVE-2024-52035: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| catdoc | catdoc | — | — |
| catdoc | catdoc | >= 0 < 1:0.95-4.1+deb11u1 | 1:0.95-4.1+deb11u1 |
| catdoc | catdoc | >= 0 < 1:0.95-6~deb12u1 | 1:0.95-6~deb12u1 |
| catdoc | catdoc | >= 0 < 1:0.95-6 | 1:0.95-6 |
| catdoc | catdoc | >= 0 < 1:0.95-6 | 1:0.95-6 |
| debian | catdoc | < catdoc 1:0.95-6~deb12u1 (bookworm) | catdoc 1:0.95-6~deb12u1 (bookworm) |
| debian | debian_linux | — | — |
| fossies | catdoc | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
GHSA
GHSA-vpgx-c322-qgw5: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0
ghsa_unreviewed·2025-06-02
CVE-2024-52035 [HIGH] CWE-190 GHSA-vpgx-c322-qgw5: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
OSV
CVE-2024-52035: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0
osv·2025-06-02·CVSS 7.8
CVE-2024-52035 [HIGH] CVE-2024-52035: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Debian
CVE-2024-52035: catdoc - An integer overflow vulnerability exists in the OLE Document File Allocation Tab...
vendor_debian·2024·CVSS 8.4
CVE-2024-52035 [HIGH] CVE-2024-52035: catdoc - An integer overflow vulnerability exists in the OLE Document File Allocation Tab...
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 1:0.95-6~deb12u1)
bullseye: resolved (fixed in 1:0.95-4.1+deb11u1)
forky: resolved (fixed in 1:0.95-6)
sid: resolved (fixed in 1:0.95-6)
trixie: resolved (fixed in 1:0.95-6)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-52035 catdoc: Catdoc Heap Corruption via File Parser [fedora-42]
bugzilla·2025-06-27·CVSS 7.8
CVE-2024-52035 [HIGH] CVE-2024-52035 catdoc: Catdoc Heap Corruption via File Parser [fedora-42]
CVE-2024-52035 catdoc: Catdoc Heap Corruption via File Parser [fedora-42]
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2369824
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Mainta
Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
blogs_talos·2025-06-11·CVSS 8.4
[HIGH] catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
## catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy , except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher ( patches found in this repository ). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities.
For Snort coverage that can detect the exploitation of these vulnera
Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
blogs_talos·2025-06-11·CVSS 8.4
[HIGH] catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy, except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher (patches found in this repository). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability
2025-06-02
Published