Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.12 views

CVE-2026-41511

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 6:52 p.m.3 views

CVE-2026-41511 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS5.9AI score0.00187EPSS
Exploits1References5
CVE
CVE
added 2026/05/08 6:52 p.m.23 views

CVE-2026-41511

CVE-2026-41511 affects the OpenMcdf .NET/C# library for Compound File Binary (CFB) manipulation. Before version 3.1.3, the library failed to detect cycles in the directory-entry red–black tree, allowing a crafted CFB file to create a cycle in LeftSiblingID/RightSiblingID that causes Storage.Enume...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 10:9 p.m.29 views

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Summary OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries and Storage.OpenStream to loop indefinitely, consuming the calling thre...

6.2CVSS5.8AI score0.00187EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder