Denial of Service Vulnerability in OpenMcdf Library by OpenMcdf
CVE-2026-45785

6.2MEDIUM

Key Information:

Vendor

Openmcdf

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-45785?

The OpenMcdf library, which is designed for handling Compound File Binary File Format files, is vulnerable to a denial of service attack. This is due to an infinite loop that occurs in the DirectoryTree.TryGetDirectoryEntry method when a specially crafted CFB file contains cyclic Left/Right sibling links among directory entries. This flaw allows the loop to run indefinitely, leading to a situation where legitimate access requests to the storage can be halted. The vulnerability is present in versions 3.1.3 and earlier, but it has been rectified in version 3.1.4, which introduces necessary cycle detection to prevent such issues.

Affected Version(s)

openmcdf < 3.1.4

References

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.