CVE-2024-54028: Integer Underflow (Wrap or Wraparound) in Catdoc

Severity
7.8 HIGH (NVD)
CNA: 8.4
EPSS
0.2%
top 61.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 2
Latest update: Jun 11

Description

An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: catdoc/catdoc < 1:0.95-4.1+deb11u1+3
CVEListV5: catdoc/catdoc 0.95
NVD: fossies/catdoc 0.95

Also affects: Debian Linux 11.0

🔴 Vulnerability Details (3)

CVEList
CVE-2024-54028: An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0 (2025-06-02)
GHSA
GHSA-h628-q67p-f6w4: An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0 (2025-06-02)
OSV
CVE-2024-54028: An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0 (2025-06-02)

📋 Vendor Advisories (1)

Debian
CVE-2024-54028: catdoc - An integer underflow vulnerability exists in the OLE Document DIFAT Parser funct... (2024)

🕵️ Threat Intelligence (2)

Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities (2025-06-11)
Talos
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities (2025-06-11)
CVE-2024-54028 — Integer Underflow (Wrap or Wraparound) | cvebase