Fossies Catdoc vulnerabilities

6 known vulnerabilities affecting fossies/catdoc.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2024-54028 | HIGH | CVSS 7.8 | v0.95 | 2025-06-02
CWE-191: An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Source: NVD
CVE-2024-52035 | HIGH | CVSS 7.8 | v0.95 | 2025-06-02
CWE-190: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Source: NVD
CVE-2023-46345 | HIGH | CVSS 7.5 | v0.95 | 2023-10-26
CWE-476: Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.
Source: NVD
CVE-2023-41633 | MEDIUM | CVSS 5.5 | v0.95 | 2023-09-01
CWE-476: Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.
Source: NVD
CVE-2023-31979 | HIGH | CVSS 7.8 | v0.95 | 2023-05-09
CWE-120: Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.
Source: NVD
CVE-2017-11110 | HIGH | CVSS 7.8 | v0.95 | 2017-07-08
CWE-787: The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.
Source: NVD