Bug 916866 (CVE-2023-41633, CVE-2023-46345)

Summary: app-text/catdoc: null pointer dereferences
Product: Gentoo Security
Component: Vulnerabilities
Status: CONFIRMED
Severity: minor
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: John Helmert III <ajak>
Assignee: Gentoo Security <security>
CC: tex
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---

Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2023-11-04 20:22:19 UTC
CVE-2023-46345 (https://gist.github.com/rycbar77/d747b2c37b544ece30b2353a65ab41f9):

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.

No evidence of an upstream report or fix, while apparently the
upstream bug tracker and wiki are broken, and no update since
2016. Time for last rites?

Comment 1: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security) 2023-11-04 20:23:15 UTC
CVE-2023-41633 (https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference/):

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.