An update for catdoc is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2614 Final 1.0 1.0 2026-06-12 Initial 2026-06-12 2026-06-12 openEuler SA Tool V1.0 2026-06-12 catdoc security update An update for catdoc is now available for openEuler-24.03-LTS-SP3 catdoc is program which reads one or more Microsoft word files and outputs text, contained insinde them to standard output. Therefore it does same work for.doc files, as unix cat command for plain ASCII files. It is now accompanied by xls2csv - program which converts Excel spreadsheet into comma-separated value file, and catppt - utility to extract textual information from Powerpoint files Security Fix(es): A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-48877) An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-52035) An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.(CVE-2024-54028) An update for catdoc is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High catdoc https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-48877 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-52035 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-54028 https://nvd.nist.gov/vuln/detail/CVE-2024-48877 https://nvd.nist.gov/vuln/detail/CVE-2024-52035 https://nvd.nist.gov/vuln/detail/CVE-2024-54028 openEuler-24.03-LTS-SP3 catdoc-0.95-2.oe2403sp3.aarch64.rpm catdoc-debuginfo-0.95-2.oe2403sp3.aarch64.rpm catdoc-debugsource-0.95-2.oe2403sp3.aarch64.rpm catdoc-0.95-2.oe2403sp3.src.rpm catdoc-0.95-2.oe2403sp3.x86_64.rpm catdoc-debuginfo-0.95-2.oe2403sp3.x86_64.rpm catdoc-debugsource-0.95-2.oe2403sp3.x86_64.rpm A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2026-06-12 CVE-2024-48877 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H catdoc security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614 An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2026-06-12 CVE-2024-52035 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H catdoc security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614 An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2026-06-12 CVE-2024-54028 openEuler-24.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H catdoc security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2614