CVE-2023-31979

7.8 HIGH

📋 TL;DR

CVE-2023-31979 is a buffer overflow vulnerability in Catdoc v0.95's process_file function that allows attackers to execute arbitrary code or cause denial of service. This affects systems running the vulnerable Catdoc version, particularly when processing malicious document files. Users and administrators who utilize Catdoc for document conversion are at risk.

💻 Affected Systems

Products:
  • Catdoc
Versions: v0.95
Operating Systems: Linux, Unix-like systems, Windows (if compiled)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using Catdoc v0.95 to process document files is vulnerable. The vulnerability is in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the Catdoc process, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing specially crafted document files.

🟢 If Mitigated

Limited impact if Catdoc runs in sandboxed environments with minimal privileges.

🌐 Internet-Facing: MEDIUM - Requires user interaction to process malicious files, but web applications using Catdoc could be vulnerable.
🏢 Internal Only: MEDIUM - Internal users could exploit via malicious documents, but requires local access or file upload capabilities.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to provide a malicious document file that Catdoc processes. The GitHub issue contains technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.96 or later

Vendor Advisory: https://github.com/petewarden/catdoc/issues/9

Restart Required: No

Instructions:

1. Download the latest Catdoc version from the official repository.
2. Compile and install following standard build procedures.
3. Replace the existing Catdoc binary with the patched version.

🔧 Temporary Workarounds

Disable Catdoc usage

linux

Temporarily disable or remove Catdoc from systems until patched

sudo apt remove catdoc       # Debian/Ubuntu package
sudo yum remove catdoc       # RHEL/CentOS package
rm /usr/local/bin/catdoc     # binary installed manually from source

Restrict file processing

all

Limit Catdoc to trusted document sources only

🧯 If You Can't Patch

  • Run Catdoc with minimal privileges using chroot or containerization
  • Implement strict input validation for documents processed by Catdoc

🔍 How to Verify

Check if Vulnerable:

Check Catdoc version (-V prints the version; -v is the verbose flag): catdoc -V 2>&1 | head -1

Check Version:

catdoc -V 2>&1 | head -1

Verify Fix Applied:

Verify version is v0.96 or later: catdoc -V 2>&1 | grep -Eq '(^|[^0-9.])(0\.9[6-9]|[1-9][0-9]*\.[0-9])' && echo 'Patched'

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in system logs
  • Catdoc process crashes
  • Abnormal memory usage patterns

Network Indicators:

  • Unusual document file uploads to systems using Catdoc

SIEM Query:

process_name:"catdoc" AND (event_type:"crash" OR exit_code:139)
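
The "If You Can't Patch" advice and the exit-code indicator above can be combined in a small wrapper. This is an added example, not code from the Catdoc project: it runs the converter under resource limits and emits one log line per file with the exit status. `CATDOC_BIN`, the function names, the log-line format and all limit values are assumptions, and the wrapper is meant to run inside the chroot or container, not instead of it.

```shell
#!/bin/sh
# Added example, not part of catdoc. CATDOC_BIN and all limit values are assumptions.
CATDOC_BIN="${CATDOC_BIN:-catdoc}"

# run_limited FILE [OUTFILE]: convert FILE inside a subshell so the limits
# apply only to the converter. Returns its exit status (128+N = killed by signal N).
run_limited() {
    _rl_out=${2:-/dev/null}
    _rl_rc=0
    (
        ulimit -c 0                            # no core dumps from untrusted input
        ulimit -t 10                           # CPU seconds
        ulimit -f 20480                        # cap on output size, in shell blocks
        ulimit -v 262144 2>/dev/null || true   # address space (KiB), where supported
        # Scrubbed environment; add LANG=... if the output charset depends on it.
        exec env -i PATH=/usr/local/bin:/usr/bin:/bin "$CATDOC_BIN" "$1"
    ) >"$_rl_out" 2>/dev/null || _rl_rc=$?
    return "$_rl_rc"
}

# classify_exit STATUS: prints ok, error, or crash:<signal number>.
# 139 = 128 + 11 (SIGSEGV), the value the SIEM query looks for.
classify_exit() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo "crash:$(($1 - 128))"
    else
        echo error
    fi
}

# convert_and_report FILE: prints one key=value line for a log pipeline.
convert_and_report() {
    _cr_rc=0
    run_limited "$1" || _cr_rc=$?
    echo "process_name=catdoc file=$1 exit_code=$_cr_rc result=$(classify_exit "$_cr_rc")"
}

# Stand-alone use: report on every file named on the command line.
for f in "$@"; do
    convert_and_report "$f"
done
```

A `result=crash:11` line corresponds to the segmentation-fault indicator listed under Log Indicators and can be forwarded to the same pipeline the SIEM query reads.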
