CVE-2024-54028

8.4 HIGH

📋 TL;DR

An integer underflow vulnerability in catdoc's OLE Document DIFAT parser allows heap-based memory corruption when processing specially crafted files. Attackers can exploit this by providing malicious documents, potentially leading to arbitrary code execution or denial of service. Users and systems processing untrusted Microsoft Office documents with catdoc are affected.

💻 Affected Systems

Products:
  • catdoc
Versions: catdoc 0.95
Operating Systems: Linux, Unix-like systems, Windows (if compiled)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using catdoc to convert or extract text from Microsoft Office documents is vulnerable when processing untrusted files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the catdoc process, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢

If Mitigated

Contained crash with no privilege escalation if catdoc runs in a sandboxed or low-privilege environment.

🌐 Internet-Facing: MEDIUM - Requires file upload/processing capability; not directly network exploitable.
🏢 Internal Only: MEDIUM - Internal users could exploit via shared documents or automated processing systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious OLE document and convincing a user or system to process it. No public exploit code was known at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: catdoc 0.95.1 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/06/msg00032.html

Restart Required: No

Instructions:

1. Check current version: catdoc -V
2. Update via package manager: apt-get update && apt-get install catdoc
3. Or compile from source: download latest from official repository
4. Verify fix with catdoc -V showing 0.95.1+

🔧 Temporary Workarounds

Disable catdoc processing

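Platform: Linux

Temporarily disable or remove catdoc from systems until patched. Use the command that matches the system's package manager:

sudo apt-get remove catdoc   # Debian/Ubuntu (apt)
sudo yum remove catdoc       # RHEL/CentOS (yum)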

Restrict file processing

Platform: all

Limit catdoc to trusted file sources only

🧯 If You Can't Patch

  • Run catdoc in a sandboxed or containerized environment with minimal privileges
  • Implement strict input validation for all files processed by catdoc
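
One way to approach the input-validation item above, as an added example (not catdoc code and not the upstream patch): a Python gate that rejects files whose OLE compound-file header counts, including the DIFAT fields, are inconsistent with the file's size before catdoc is invoked. Field offsets follow the public MS-CFB header layout; the function names and the sample image are constructed for illustration, and passing the check is a structural sanity test, not proof that a file is safe.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
FREESECT, ENDOFCHAIN = 0xFFFFFFFF, 0xFFFFFFFE

def build_sample(num_fat=1, num_difat=0, first_difat=ENDOFCHAIN, sectors=3) -> bytes:
    """Constructed v3 file image: 512-byte header plus `sectors` zeroed sectors."""
    hdr = bytearray(512)
    hdr[:8] = CFB_MAGIC
    struct.pack_into("<HHH", hdr, 0x1A, 3, 0xFFFE, 9)   # major, byte order, sector shift
    struct.pack_into("<I", hdr, 0x2C, num_fat)
    struct.pack_into("<II", hdr, 0x44, first_difat, num_difat)
    struct.pack_into("<109I", hdr, 0x4C, 0, *([FREESECT] * 108))
    return bytes(hdr) + bytes(512 * sectors)

def check_cfb_header(data: bytes) -> list:
    """Return the problems found in a CFB (OLE2) header; an empty list means it passed."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return ["not a compound file: too short or wrong signature"]
    major, byte_order, shift = struct.unpack_from("<HHH", data, 0x1A)
    if byte_order != 0xFFFE or (major, shift) not in ((3, 9), (4, 12)):
        return ["unexpected byte order or version/sector-shift pair"]
    sector_size = 1 << shift
    # Sectors physically present after the header sector (the last one may be short).
    total = max(0, -(-len(data) // sector_size) - 1)
    (num_fat,) = struct.unpack_from("<I", data, 0x2C)
    first_difat, num_difat = struct.unpack_from("<II", data, 0x44)
    header_difat = struct.unpack_from("<109I", data, 0x4C)
    problems = []
    if not 1 <= num_fat <= total:
        problems.append(f"FAT sector count {num_fat} outside 1..{total}")
    if num_difat > total:
        problems.append(f"DIFAT sector count {num_difat} exceeds {total} sectors in file")
    # Each DIFAT sector holds sector_size/4 - 1 FAT locations plus one chain pointer.
    capacity = 109 + num_difat * (sector_size // 4 - 1)
    if num_fat > capacity:
        problems.append("more FAT sectors declared than the DIFAT can reference")
    if num_difat and first_difat >= total:
        problems.append("first DIFAT sector lies outside the file")
    used = [s for s in header_difat if s != FREESECT]
    if len(used) != min(num_fat, 109):
        problems.append("header DIFAT entries do not match the FAT sector count")
    if any(s >= total for s in used):
        problems.append("header DIFAT entry points outside the file")
    return problems

if __name__ == "__main__":
    print(check_cfb_header(build_sample()))                    # well-formed sample
    print(check_cfb_header(build_sample(num_fat=0xFFFFFFFF)))  # inconsistent counts
```

Quarantine any file for which the list is non-empty instead of passing it to catdoc, and keep the sandboxing measure in place for files that pass.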

🔍 How to Verify

Check if Vulnerable:

Run 'catdoc -V' and check whether the version is exactly 0.95. Systems showing 0.95 are vulnerable.

Check Version:

catdoc -V

Verify Fix Applied:

After updating, run 'catdoc -V' and confirm the version is 0.95.1 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from catdoc process
  • Unexpected termination of document conversion processes

Network Indicators:

  • Unusual file uploads to systems using catdoc
  • Multiple failed document processing attempts

SIEM Query:

process.name:"catdoc" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
