Denial of Service Vulnerability in OpenMcdf Library by OpenMcdf
CVE-2026-45785
6.2MEDIUM
What is CVE-2026-45785?
The OpenMcdf library, which is designed for handling Compound File Binary File Format files, is vulnerable to a denial of service attack. This is due to an infinite loop that occurs in the DirectoryTree.TryGetDirectoryEntry method when a specially crafted CFB file contains cyclic Left/Right sibling links among directory entries. This flaw allows the loop to run indefinitely, leading to a situation where legitimate access requests to the storage can be halted. The vulnerability is present in versions 3.1.3 and earlier, but it has been rectified in version 3.1.4, which introduces necessary cycle detection to prevent such issues.
Affected Version(s)
openmcdf < 3.1.4
