CVE-2017-11110

Published: 8 July 2017

The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: catdoc (Launchpad, Ubuntu, Debian)

Release   Status
precise   Does not exist
trusty    Does not exist (trusty was released [0.94.4-1.1+deb8u1build0.14.04.1])
upstream  Released (1:0.95-3)
xenial    Released (1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1build0.16.04.1)
yakkety   Ignored (reached end-of-life)
zesty     Released (1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1build0.17.04.1)