Bug 34411 - catdoc new security issues CVE-2024-48877, CVE-2024-52035 and CVE-2024-54028
Summary: catdoc new security issues CVE-2024-48877, CVE-2024-52035 and CVE-2024-54028
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-07-01 13:32 CEST by Nicolas Salguero
Modified: 2025-07-06 01:49 CEST (History)
3 users (show)

See Also:
Source RPM: catdoc-0.95-5.mga9.src.rpm
CVE: CVE-2024-48877, CVE-2024-52035, CVE-2024-54028
Status comment:

Attachments
Test file (8.50 KB, application/vnd.ms-excel)
2025-07-02 22:33 CEST, katnatek 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-07-01 13:32:34 CEST 
Debian has issued an advisory on June 29:
https://lists.debian.org/debian-security-announce/2025/msg00117.html
Nicolas Salguero 2025-07-01 13:33:18 CEST

Source RPM: (none) => catdoc-0.95-6.mga10.src.rpm, catdoc-0.95-5.mga9.src.rpm
Status comment: (none) => Patches available from Debian
CVE: (none) => CVE-2024-48877, CVE-2024-52035, CVE-2024-54028
Whiteboard: (none) => MGA9TOO

Comment 2 Nicolas Salguero 2025-07-02 15:54:32 CEST 
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. (CVE-2024-48877)

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. (CVE-2024-52035)

An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. (CVE-2024-54028)

References:
https://lists.debian.org/debian-security-announce/2025/msg00117.html
========================

Updated package in core/updates_testing:
========================
catdoc-0.95-5.1.mga9

from SRPM:
catdoc-0.95-5.1.mga9.src.rpm

Status: NEW => ASSIGNED
Status comment: Patches available from Debian => (none)
Whiteboard: MGA9TOO => (none)
Source RPM: catdoc-0.95-6.mga10.src.rpm, catdoc-0.95-5.mga9.src.rpm => catdoc-0.95-5.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9

katnatek 2025-07-02 21:23:56 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2025-07-02 22:33:44 CEST 
Created attachment 15033 [details]
Test file

 xls2csv file_example_XLS_10.xls 
"0","First Name","Last Name","Gender","Country","Age","Date","Id"
"1","Dulce","Abril","Female","United States","32","15/10/2017","1562"
"2","Mara","Hashimoto","Female","Great Britain","25","16/08/2016","1582"
"3","Philip","Gent","Male","France","36","21/05/2015","2587"
"4","Kathleen","Hanner","Female","United States","25","15/10/2017","3549"
"5","Nereida","Magwood","Female","United States","58","16/08/2016","2468"
"6","Gaston","Brumm","Male","United States","24","21/05/2015","2554"
"7","Etta","Hurn","Female","Great Britain","56","15/10/2017","3598"
"8","Earlean","Melgar","Female","United States","27","16/08/2016","2456"
"9","Vincenza","Weiland","Female","United States","40","21/05/2015","6548"

Looks good
Comment 4 katnatek 2025-07-02 22:35:56 CEST 
Sorry, this should be before the previous message

installing catdoc-0.95-5.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: catdoc                ##################################################################################################
      1/1: removing catdoc-0.95-5.mga9.x86_64
                                 ##################################################################################################

The reports talks of POC files, but I could not find them

catdoc file1.doc works
catdoc cifras.docx 
This file looks like ZIP archive or Office 2007 or later file.
Not supported by catdoc

Looks good
Comment 5 Herman Viaene 2025-07-03 11:24:35 CEST 
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
$ catdoc vraag.doc > vraag.txt
[tester9@mach3 volkstuintjes]$ catdoc vraag.doc 
No feedback and file vraag.txt is empty.
But this file is a creation of LO-Writer to send to an MS-only correspondent.
With .doc file from MS-Word:
$ catdoc 2020\ 2\ extra\ info\ vraag\ Herman\ 1.doc 
Vragen/bemerkingen Volkstuintjes

Volgende bemerkingen zijn gebaseerd op de laatste ledenlijst 2019-10,

De leden hebben nu allemaal een identificatie door een Lidkaart-Code,
Het cijfer komt overeen met het pandnummer nu. Maar is dat houdbaar ???
Stel dat een lid naar een ander pand wil, dan zou zijn/haar lidnummer
etc.....

$ catdoc 2020\ 2\ extra\ info\ vraag\ Herman\ 1.doc  > vraagextra.txt
resulting txt file looks OK.
$ catdoc 2021\ 1\ 10\ hopelijk\ laatste\ vragen\ aan\ Herman.docx 
This file looks like ZIP archive or Office 2007 or later file.
Not supported by catdoc

$ xls2csv ledenlijstest.xls
"Naam","Voornaam","Straat","Nr/bus","Postcode","Gemeente","Telefoon","GSM","Lidkaart","Typenaam","Percentlidgeld","Pandnr","Loknaam"
etc.......
$ xls2csv ledenlijstest.xls > test.csv
Resulting csv opens OK in LO Calc
$ xls2csv ledenlijstest.xlsx
Looks like ZIP archive or Office 2007 or later. Not supported
ledenlijstest.xlsx is not OLE file or Error

Looks all OK with me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2025-07-04 14:11:51 CEST 
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 7 Mageia Robot 2025-07-06 01:49:19 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0202.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.