High severity 7.8 · NVD Advisory · Published Jul 8, 2017 · Updated May 13, 2026

CVE-2017-11110

Description

Heap-based buffer underflow in catdoc 0.95's ole_init function allows denial of service via crafted OLE file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The ole_init function in ole.c of catdoc version 0.95 contains a heap-based buffer underflow vulnerability. When processing a specially crafted OLE file, data is written to memory addresses before the beginning of the tmpBuf buffer, leading to memory corruption.

Exploitation

An attacker can exploit this vulnerability by providing a malicious OLE file to a user or system that processes it with catdoc 0.95. No authentication or special network position is required; the file can be supplied locally, or remotely when it is delivered via email or download. The user must open the crafted file with catdoc, which triggers the vulnerable code path in ole_init.

Impact

Successful exploitation results in a denial of service (application crash) due to the heap-based buffer underflow. The description also mentions the possibility of unspecified other impact, but the primary consequence is a crash leading to service disruption.

Mitigation

No fix has been disclosed in the available references. Users should consider avoiding processing untrusted OLE files with catdoc 0.95 or migrating to an alternative tool that is actively maintained.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Catdoc/Catdoc (2 versions)
    • cpe:2.3:a:fossies:catdoc:0.95:*:*:*:*:*:*:*
    • (no CPE) range: =0.95

Patches

0

No patches discovered yet.
