Last active
February 28, 2026 07:22
-
-
Save rycbar77/d747b2c37b544ece30b2353a65ab41f9 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2023-46345 | |
| [PRODUCT] | |
| Catdoc | |
| [VERSION] | |
| 0.95 | |
| [PROBLEM TYPE] | |
| Null Pointer Deference | |
| [DESCRIPTION] | |
| Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. |
Hello @rycbar77! Have you reported that upstream?
Thanks!
It's possible one of the commits I made to src/slxparse.c in my fork of catdoc in February 2026 has fixed this, but I don't (yet) have access to the POC file.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Where is the upstream report?