CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

RedhatCVE•added 2026/05/11 8:26 p.m.•4 views

CVE-2026-41511

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS5.7AI score0.00013EPSS

Exploits1References1

NVD•added 2026/05/08 7:16 p.m.•8 views

CVE-2026-41511

6.2CVSS0.00013EPSS

Exploits1References3

ATTACKERKB•added 2026/05/08 6:52 p.m.•7 views

CVE-2026-41511

6.2CVSS5.7AI score0.00013EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/08 6:52 p.m.•6 views

CVE-2026-41511 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

6.2CVSS5.7AI score0.00013EPSS

Exploits1References3

CVE•added 2026/05/08 6:52 p.m.•5 views

CVE-2026-41511

CVE-2026-41511 affects the OpenMcdf .NET/C# library for Compound File Binary (CFB) manipulation. Before version 3.1.3, the library failed to detect cycles in the directory-entry red–black tree, allowing a crafted CFB file to create a cycle in LeftSiblingID/RightSiblingID that causes Storage.Enume...

6.2CVSS5.7AI score0.00013EPSS

Exploits1References3Affected Software1

SUSE CVE•added 2023/02/15 5:49 a.m.•0 views

SUSE CVE-2012-0213

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...

5CVSS6.9AI score0.13063EPSS

Exploits0References3

OSV•added 2022/05/04 12:28 a.m.•26 views

GHSA-JQX5-H2HW-5Q4F Denial of Service in Apache POI

5CVSS5.5AI score0.13063EPSS

Exploits0References8

Github Security Blog•added 2022/05/04 12:28 a.m.•20 views

Denial of Service in Apache POI

5CVSS5.5AI score0.13063EPSS

Exploits0References8Affected Software2

Talos•added 2022/02/15 12:0 a.m.•43 views

Hancom Office 2020 Hword HwordApp.dll SectorLoc heap-based buffer overflow

Summary A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this...

7.8CVSS7.8AI score0.00827EPSS

Exploits1

FireEye•added 2020/11/19 12:0 a.m.•375 views

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

7.1AI score

Exploits0References16

OSV•added 2018/12/21 4:29 p.m.•1 views

CVE-2018-5201

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial...

5.5CVSS5.8AI score0.00163EPSS

Exploits0References1

Prion•added 2018/12/21 4:29 p.m.•16 views

Heap overflow

4.3CVSS5.7AI score0.00163EPSS

Exploits0References1Affected Software4

NVD•added 2018/12/21 4:29 p.m.•13 views

CVE-2018-5201

5.5CVSS5.7AI score0.00163EPSS

Exploits0References1

CVE•added 2018/12/21 4:0 p.m.•56 views

CVE-2018-5201

CVE-2018-5201 affects Hancom Office products: Office 2018 (v10.0.0.8214) and earlier, Hancom Office NEO (v9.6.1.10472) and earlier, Hancom Office 2014 (v9.1.1.4540) and earlier, and Hancom Office 2010 (v8.5.8.1724) and earlier. The vulnerability is a heap overflow when processing Compound File do...

5.5CVSS5.6AI score0.00163EPSS

Exploits0References1Affected Software4

Cvelist•added 2018/12/21 4:0 p.m.•16 views

CVE-2018-5201

5.7AI score0.00163EPSS

Exploits0References1

Talos•added 2017/09/11 12:0 a.m.•50 views

FreeXL BIFF Dimension Marker Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow vulnerability exists in the readlegacybiff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested...

8.8CVSS8.9AI score0.02235EPSS

Exploits1

OSV•added 2017/01/06 9:59 p.m.•0 views

CVE-2016-5646

An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability...

7.8CVSS5.9AI score0.0077EPSS

Exploits2References1

OSV•added 2014/08/23 1:55 a.m.•1 views

DEBIAN-CVE-2014-3587

Integer overflow in the cdfreadpropertyinfo function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service application crash via a crafted CDF file. NOTE: this vulnerability exists becaus...

4.3CVSS7.1AI score0.30214EPSS

Exploits1References1