Updated catdoc packages fix security vulnerabilities
Publication date: 05 Jul 2025Modification date: 05 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-48877 , CVE-2024-52035 , CVE-2024-54028
Description
A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in the xls2csv utility version 0.95. (CVE-2024-48877) An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. (CVE-2024-52035) An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. (CVE-2024-54028)
References
- https://bugs.mageia.org/show_bug.cgi?id=34411
- https://lists.debian.org/debian-security-announce/2025/msg00117.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52035
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54028
SRPMS
9/core
- catdoc-0.95-5.1.mga9