- Package: src:catdoc
- Source: src:catdoc
- Submitter: Salvatore Bonaccorso
- Date: 2025-06-30 19:05:03 UTC
- Severity: normal
- Tags:
Hi,

The following vulnerabilities were published for catdoc.

CVE-2024-48877[0]:
| A memory corruption vulnerability exists in the Shared String Table
| Record Parser implementation in xls2csv utility version 0.95. A
| specially crafted malformed file can lead to a heap buffer overflow.
| An attacker can provide a malicious file to trigger this
| vulnerability.

CVE-2024-52035[1]:
| An integer overflow vulnerability exists in the OLE Document File
| Allocation Table Parser functionality of catdoc 0.95. A specially
| crafted malformed file can lead to heap-based memory corruption. An
| attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-54028[2]:
| An integer underflow vulnerability exists in the OLE Document DIFAT
| Parser functionality of catdoc 0.95. A specially crafted malformed
| file can lead to heap-based memory corruption. An attacker can
| provide a malicious file to trigger this vulnerability.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-48877
    https://www.cve.org/CVERecord?id=CVE-2024-48877
[1] https://security-tracker.debian.org/tracker/CVE-2024-52035
    https://www.cve.org/CVERecord?id=CVE-2024-52035
[2] https://security-tracker.debian.org/tracker/CVE-2024-54028
    https://www.cve.org/CVERecord?id=CVE-2024-54028

Regards,
Salvatore

We believe that the bug you reported is fixed in the latest version of
catdoc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107168@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martina Ferrari <tina@debian.org> (supplier of updated catdoc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 16 Jun 2025 16:10:01 +0000
Source: catdoc
Architecture: source
Version: 1:0.95-6
Distribution: unstable
Urgency: medium
Maintainer: Martina Ferrari <tina@debian.org>
Changed-By: Martina Ferrari <tina@debian.org>
Closes: 1107168
Changes:
catdoc (1:0.95-6) unstable; urgency=medium
.
* Add patches prepared by Cisco Talos team to address multiple security
vulnerabilities: CVE-2024-48877, CVE-2024-52035, and CVE-2024-54028.
Thanks to Ali Rizvi-Santiago from the Talos team who found and fixed the
vulnerabilities, and to Salvatore Bonaccorso from the Debian Security Team
for all his help and infinite patience.
Closes: #1107168
Checksums-Sha1:
5d918915881a15c6ca6efd32f2b4b7f2129234a3 1814 catdoc_0.95-6.dsc
e717829e052fdf603a9994418a11484b94b78dc6 16116 catdoc_0.95-6.debian.tar.xz
3eef8a452fb273838fb6698d7dc36d90fef8491f 6696 catdoc_0.95-6_amd64.buildinfo
Checksums-Sha256:
713c020e389021e3c2423c81397ee2807d9a57fd72d97d1ba6a42540e8d82684 1814 catdoc_0.95-6.dsc
943ec46b792d576c469212a75e4d702c672b664558176440f76ccbc03510dc70 16116 catdoc_0.95-6.debian.tar.xz
bb44194f4b86ce79abd0086459f34ee4e0dd09e9b6a3be43069014f7ee3a453e 6696 catdoc_0.95-6_amd64.buildinfo
Files:
e8c5a4485ec488356d61b4de376b4326 1814 text optional catdoc_0.95-6.dsc
39bb6a3aef988869582a4b4d247728d2 16116 text optional catdoc_0.95-6.debian.tar.xz
3accff55d15e1e19970ec82b013216fb 6696 text optional catdoc_0.95-6_amd64.buildinfo
We believe that the bug you reported is fixed in the latest version of
catdoc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107168@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated catdoc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 27 Jun 2025 00:03:19 +0200
Source: catdoc
Architecture: source
Version: 1:0.95-6~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Martina Ferrari <tina@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1107168
Changes:
catdoc (1:0.95-6~deb12u1) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for bookworm-security
.
catdoc (1:0.95-6) unstable; urgency=medium
.
* Add patches prepared by Cisco Talos team to address multiple security
vulnerabilities: CVE-2024-48877, CVE-2024-52035, and CVE-2024-54028.
Thanks to Ali Rizvi-Santiago from the Talos team who found and fixed the
vulnerabilities, and to Salvatore Bonaccorso from the Debian Security Team
for all his help and infinite patience.
Closes: #1107168
Checksums-Sha1:
66f57fba38ab77eb071f22ffcec79fd8e185a5a9 2001 catdoc_0.95-6~deb12u1.dsc
0da301e347e36fdf1f3fd3bf0bd4bf2626cb6263 169084 catdoc_0.95.orig.tar.gz
e796cdfcd5ef18eac099e8f76f0d27e8528d3602 16156 catdoc_0.95-6~deb12u1.debian.tar.xz
Checksums-Sha256:
09e13ca6919ce88248ecadc7be6b202f1f078052f5dae2032e8886cd238e379f 2001 catdoc_0.95-6~deb12u1.dsc
0d6ef66ff18d93915e62d77845194ba92bf49b60305c51f866a6f55421e37a79 169084 catdoc_0.95.orig.tar.gz
ae5c18a3be904ab23d5e7b30344d675b8a67ee5bba7223038cdd6f6ca4d9e226 16156 catdoc_0.95-6~deb12u1.debian.tar.xz
Files:
9056f31a02a504f5f1a80b50c4a862b0 2001 text optional catdoc_0.95-6~deb12u1.dsc
f047aff8913d36aada5ab98d3621fb82 169084 text optional catdoc_0.95.orig.tar.gz
c052355913e2c87b5347f1842ddb6c0b 16156 text optional catdoc_0.95-6~deb12u1.debian.tar.xz