catdoc
cpe:2.3:a:catdoc_project:catdoc:*:*:*:*:*:*:*
- 0.95
An integer underflow vulnerability has been identified in the OLE Document DIFAT Parser of Catdoc version 0.95. It arises when the parser processes specially crafted, malformed files, and leads to heap-based memory corruption. An attacker can exploit it by providing a malicious file that triggers the underflow, potentially causing a heap-buffer overflow and memory corruption that could be exploited for arbitrary code execution.
Exploitation of this vulnerability causes a heap-buffer overflow, which can lead to heap-based memory corruption. Such memory corruption vulnerabilities can often be exploited to execute arbitrary code in the context of the affected application.
The vulnerability can be reproduced by creating a malicious OLE compound document that triggers the integer underflow in the DIFAT parser. This can be done by setting the sector size to an invalid value that causes the underflow when the file is processed by Catdoc. The generated document can then be opened with Catdoc, which will crash due to the memory corruption caused by the vulnerability.
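A header check that rejects an invalid sector size before any DIFAT arithmetic runs, given as an added example and not taken from Catdoc's source. The field offsets and the two permitted sector shift values follow the MS-CFB header layout. The page does not show the expression Catdoc uses, so the `sector_size / 4 - 1` entry count (the standard DIFAT sector layout) and all function and constant names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Error codes for this added example (names are hypothetical). */
enum { CFB_TOO_SHORT = -1, CFB_BAD_MAGIC = -2, CFB_BAD_VERSION = -3, CFB_BAD_SECTOR_SHIFT = -4 };

static const uint8_t CFB_MAGIC[8] = {0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1};

/* Read a little-endian 16-bit field without relying on host alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate the fixed header fields before any sector arithmetic.
 * Returns the number of FAT-sector entries in one DIFAT sector
 * (sector_size / 4 - 1; the last slot chains to the next DIFAT sector),
 * or a negative CFB_* code if the header must be rejected. */
int32_t cfb_difat_entries(const uint8_t *buf, size_t len)
{
    if (len < 512) return CFB_TOO_SHORT;
    if (memcmp(buf, CFB_MAGIC, sizeof CFB_MAGIC) != 0) return CFB_BAD_MAGIC;

    uint16_t major = rd16(buf + 0x1A);   /* major version */
    uint16_t shift = rd16(buf + 0x1E);   /* sector shift: size = 1 << shift */
    if (major != 3 && major != 4) return CFB_BAD_VERSION;

    /* MS-CFB permits only 9 (512 B) for v3 and 12 (4096 B) for v4.
     * Rejecting anything else keeps sector_size / 4 - 1 from wrapping. */
    if ((major == 3 && shift != 9) || (major == 4 && shift != 12))
        return CFB_BAD_SECTOR_SHIFT;

    uint32_t sector_size = (uint32_t)1 << shift;
    return (int32_t)(sector_size / 4 - 1);
}

/* Illustration only: the same expression with no validation.
 * Any sector_size below 4 makes the unsigned result wrap to 0xFFFFFFFF. */
uint32_t unchecked_difat_entries(uint16_t shift)
{
    uint32_t sector_size = (uint32_t)1 << (shift & 31);
    return sector_size / 4 - 1;
}

/* Build a constructed 512-byte header (not a real document) and check it. */
int32_t check_sample(uint16_t major, uint16_t shift)
{
    uint8_t hdr[512] = {0};
    memcpy(hdr, CFB_MAGIC, sizeof CFB_MAGIC);
    hdr[0x1A] = (uint8_t)major; hdr[0x1B] = (uint8_t)(major >> 8);
    hdr[0x1E] = (uint8_t)shift; hdr[0x1F] = (uint8_t)(shift >> 8);
    return cfb_difat_entries(hdr, sizeof hdr);
}
```

A check of this kind can sit in a mail gateway or conversion pipeline in front of Catdoc 0.95, so that documents with a non-conforming header are rejected before they reach the parser.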