Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 624648 (CVE-2017-11110)

Summary: app-text/catdoc: heap overflow (CVE-2017-11110)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED WONTFIX    
Severity: minor CC: tex
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [upstream cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-07-12 07:27:04 UTC 
FOR TRACKING PURPOSE SICNE A READ OVERFLOW IN A COMMAND-LINE TOOL DOES NOT DESERVE A CVE

CVE-2017-11110 (https://nvd.nist.gov/vuln/detail/CVE-2017-11110):

The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.