{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"catdoc security update", "category":"general", "title":"Synopsis" }, { "text":"An update for catdoc is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"catdoc is program which reads one or more Microsoft word files and outputs text, contained insinde them to standard output. Therefore it does same work for.doc files, as unix cat command for plain ASCII files. It is now accompanied by xls2csv - program which converts Excel spreadsheet into comma-separated value file, and catppt - utility to extract textual information from Powerpoint files\n\nSecurity Fix(es):\n\nA memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-48877)\n\nAn integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-52035)\n\nAn integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-54028)", "category":"general", "title":"Description" }, { "text":"An update for catdoc is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"catdoc", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2614", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614" }, { "summary":"CVE-2024-48877", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-48877&packageName=catdoc" }, { "summary":"CVE-2024-52035", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-52035&packageName=catdoc" }, { "summary":"CVE-2024-54028", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-54028&packageName=catdoc" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48877" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-52035" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54028" }, { "summary":"openEuler-SA-2026-2614 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2614.json" } ], "title":"An update for catdoc is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-06-18T16:17:25+08:00", "revision_history":[ { "date":"2026-06-18T16:17:25+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-18T16:17:25+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-18T16:17:25+08:00", "id":"openEuler-SA-2026-2614", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-0.95-2.oe2403sp3.aarch64.rpm", "name":"catdoc-0.95-2.oe2403sp3.aarch64.rpm" }, "name":"catdoc-0.95-2.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-debuginfo-0.95-2.oe2403sp3.aarch64.rpm", "name":"catdoc-debuginfo-0.95-2.oe2403sp3.aarch64.rpm" }, "name":"catdoc-debuginfo-0.95-2.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-debugsource-0.95-2.oe2403sp3.aarch64.rpm", "name":"catdoc-debugsource-0.95-2.oe2403sp3.aarch64.rpm" }, "name":"catdoc-debugsource-0.95-2.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-0.95-2.oe2403sp3.src.rpm", "name":"catdoc-0.95-2.oe2403sp3.src.rpm" }, "name":"catdoc-0.95-2.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-0.95-2.oe2403sp3.x86_64.rpm", "name":"catdoc-0.95-2.oe2403sp3.x86_64.rpm" }, "name":"catdoc-0.95-2.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-debuginfo-0.95-2.oe2403sp3.x86_64.rpm", "name":"catdoc-debuginfo-0.95-2.oe2403sp3.x86_64.rpm" }, "name":"catdoc-debuginfo-0.95-2.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"catdoc-debugsource-0.95-2.oe2403sp3.x86_64.rpm", "name":"catdoc-debugsource-0.95-2.oe2403sp3.x86_64.rpm" }, "name":"catdoc-debugsource-0.95-2.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-0.95-2.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "name":"catdoc-0.95-2.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-debuginfo-0.95-2.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "name":"catdoc-debuginfo-0.95-2.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-debugsource-0.95-2.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "name":"catdoc-debugsource-0.95-2.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-0.95-2.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "name":"catdoc-0.95-2.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-0.95-2.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "name":"catdoc-0.95-2.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-debuginfo-0.95-2.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "name":"catdoc-debuginfo-0.95-2.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"catdoc-debugsource-0.95-2.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64", "name":"catdoc-debugsource-0.95-2.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-48877", "notes":[ { "text":"A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ], "details":"catdoc security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-48877" }, { "cve":"CVE-2024-52035", "notes":[ { "text":"An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ], "details":"catdoc security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-52035" }, { "cve":"CVE-2024-54028", "notes":[ { "text":"An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ], "details":"catdoc security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.src", "openEuler-24.03-LTS-SP3:catdoc-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debuginfo-0.95-2.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:catdoc-debugsource-0.95-2.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-54028" } ] }