Catdoc xls2csv Utility Memory Corruption Vulnerability Allowing Heap Buffer Overflow
Vulnerability
A memory corruption vulnerability has been identified in the xls2csv utility, part of the Catdoc suite, specifically in version 0.95. The issue arises in the Shared String Table Record Parser, where a specially crafted malformed file can cause a heap buffer overflow. This vulnerability can be triggered by an attacker who provides a malicious file for processing.
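As an added illustration (not catdoc's code, and not taken from the advisory, which does not say which field is mishandled), the sketch below shows the kind of bounds checking a Shared String Table parser needs before it trusts any length declared in the file. It assumes the BIFF8 SST layout from Microsoft's published format, ignores strings that spill into CONTINUE records, and uses hypothetical names (`sst_entry_size`, `sst_walk`) with constructed sample bytes.

```c
#include <stddef.h>
#include <stdint.h>

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Size one SST string entry held in buf[0..avail). Each declared length is
 * compared with the bytes actually left; returns 0 if one does not fit. */
size_t sst_entry_size(const uint8_t *buf, size_t avail, size_t *text_off, size_t *text_len)
{
    if (avail < 3) return 0;
    size_t cch = rd16(buf), pos = 3, runs = 0, ext = 0;
    uint8_t flags = buf[2];
    if (flags & 0x08) {                       /* rich text: 2-byte run count */
        if (avail - pos < 2) return 0;
        runs = rd16(buf + pos); pos += 2;
    }
    if (flags & 0x04) {                       /* extended data: 4-byte size */
        if (avail - pos < 4) return 0;
        ext = rd32(buf + pos); pos += 4;
    }
    size_t bytes = cch * ((flags & 0x01) ? 2u : 1u);   /* 16-bit or 8-bit chars */
    if (bytes > avail - pos) return 0;        /* the check an unchecked copy lacks */
    *text_off = pos; *text_len = bytes; pos += bytes;
    if (runs * 4 > avail - pos) return 0;     /* formatting runs, 4 bytes each */
    pos += runs * 4;
    if (ext > avail - pos) return 0;
    return pos + ext;
}

/* Walk an SST record body. Returns the string count, or -1 if malformed. */
long sst_walk(const uint8_t *rec, size_t len)
{
    if (len < 8) return -1;                   /* cstTotal + cstUnique */
    uint32_t unique = rd32(rec + 4);          /* declared count, untrusted */
    size_t pos = 8, off, n;
    for (uint32_t i = 0; i < unique; i++) {
        size_t sz = sst_entry_size(rec + pos, len - pos, &off, &n);
        if (sz == 0) return -1;               /* reject instead of reading on */
        pos += sz;
    }
    return (long)unique;
}

/* Constructed samples: two well-formed strings; one entry claiming 65535 chars. */
static const uint8_t SST_OK[]  = {2,0,0,0, 2,0,0,0, 2,0,0,'h','i', 1,0,1,'A',0};
static const uint8_t SST_BAD[] = {1,0,0,0, 1,0,0,0, 0xFF,0xFF,0,'h','i'};

int main(void) { return sst_walk(SST_OK, sizeof SST_OK) == 2 ? 0 : 1; }
```

A caller that copies string text into a heap buffer should size the allocation from the validated `text_len`, never from the raw character count in the file.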
Impact
Exploitation of this vulnerability results in a heap buffer overflow, a common form of memory corruption that can crash the program or be leveraged to execute arbitrary code.
Reproduction
The vulnerability can be reproduced by using the xls2csv utility to process a crafted Excel file that exploits the buffer overflow. The proof-of-concept for generating such a file is available as a Python script.
