Catdoc Integer Overflow Vulnerability in OLE Document Parser Leading to Heap-Based Memory Corruption

Vulnerability

A heap-based memory corruption vulnerability has been identified in catdoc version 0.95, specifically within the OLE Document File Allocation Table parser. The vulnerability arises from an integer overflow that occurs when the parser processes a specially crafted, malformed file. The overflow results in an undersized heap allocation; subsequent writes past the end of that buffer corrupt memory and can potentially be exploited by an attacker to execute arbitrary code.

Impact

Exploitation of this vulnerability causes a heap-buffer overflow, leading to memory corruption that can allow code execution in the context of the catdoc process.

Reproduction

The vulnerability can be reproduced by using a Python script to create a malicious OLE compound document file that exploits the integer overflow in the file allocation table parsing. This crafted file can then be processed with a 32-bit build of the catdoc utility, which will trigger the vulnerability and cause the application to crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 10.0
exploitability: 5.8
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.