VYPR
Vendor

Catdoc

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2017-11110HigJul 8, 2017
    risk 0.51cvss 7.8epss 0.01

    The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of…

  • CVE-2024-52035Jun 2, 2025
    risk 0.00cvss epss 0.00

    An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-54028Jun 2, 2025
    risk 0.00cvss epss 0.00

    An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2023-46345Oct 25, 2023
    risk 0.00cvss epss 0.01

    Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.

  • CVE-2023-41633Sep 1, 2023
    risk 0.00cvss epss 0.00

    Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.

  • CVE-2023-31979May 9, 2023
    risk 0.00cvss epss 0.00

    Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.

  • CVE-2003-0193Aug 18, 2004
    risk 0.00cvss epss 0.00

    msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").