CVE-2024-54028

Published: Jun 2, 2025Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Affected (2)

Products: Fossies: Catdoc · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fossies Catdoc	Version 0.95

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2132

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/06/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2132

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.