OpenMcdf · CVE-2026-41511
**Name of the Vulnerable Software and Affected Versions**
OpenMcdf (affected versions not specified)
**Description**
OpenMcdf fails to detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB file containing a cycle in the `LeftSiblingID` or `RightSiblingID` chain causes the software to loop indefinitely, leading to a denial of service. This occurs because the `DirectoryTreeEnumerator` and `DirectoryTree.TryGetDirectoryEntry` traverse the tree without tracking visited node IDs.
Two specific code paths are affected:
1. The `Storage.EnumerateEntries()` function, where `DirectoryTreeEnumerator.MoveNext()` never returns false, causing the caller's loop to never exit and the heap to grow unboundedly.
2. The `Storage.OpenStream()` function, where `DirectoryTree.TryGetDirectoryEntry` loops indefinitely within `DirectoryEntries.TryGetSibling` during name lookup.
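The visited-ID tracking that the description says is missing can be shown with a short Python check over a raw CFB directory entry array. This is an added example, not OpenMcdf code: the function names and the sample directory are constructed for illustration, and the field offsets (68, 72, 76 in each 128-byte entry) follow the MS-CFB directory entry layout.

```python
import struct

NOSTREAM = 0xFFFFFFFF  # MS-CFB value meaning "no sibling" / "no child"
ENTRY_SIZE = 128       # bytes per directory entry

def read_links(directory, entry_id):
    """LeftSiblingID, RightSiblingID, ChildID sit at offsets 68, 72, 76."""
    return struct.unpack_from("<III", directory, entry_id * ENTRY_SIZE + 68)

def check_directory(directory, root_id=0):
    """Return None if every entry is reached at most once, else (problem, id).

    Each ID is recorded in `visited` before its links are followed, so the
    walk expands at most len(directory) // ENTRY_SIZE entries and always ends.
    """
    count = len(directory) // ENTRY_SIZE
    visited, stack = set(), [root_id]
    while stack:
        entry_id = stack.pop()
        if entry_id == NOSTREAM:
            continue
        if entry_id >= count:
            return ("out_of_range", entry_id)
        if entry_id in visited:
            return ("cycle", entry_id)
        visited.add(entry_id)
        stack.extend(read_links(directory, entry_id))
    return None

def make_entry(name, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM, kind=2):
    """Build one constructed 128-byte entry (kind 5 = root, 2 = stream)."""
    raw = name.encode("utf-16-le") + b"\x00\x00"
    entry = bytearray(ENTRY_SIZE)
    entry[:len(raw)] = raw
    struct.pack_into("<HBBIII", entry, 64, len(raw), kind, 1, left, right, child)
    return bytes(entry)

# Constructed sample: root -> B, with siblings A (left) and C (right).
GOOD = b"".join([
    make_entry("Root Entry", child=2, kind=5),
    make_entry("A"),
    make_entry("B", left=1, right=3),
    make_entry("C"),
])
# Same layout, but C's RightSiblingID points back at B.
CYCLIC = GOOD[:3 * ENTRY_SIZE] + make_entry("C", right=2)

if __name__ == "__main__":
    print(check_directory(GOOD))    # None
    print(check_directory(CYCLIC))  # ('cycle', 2)
```

The check treats any entry reached twice as malformed, which covers both sibling-chain cycles and an entry shared between two parents.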
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.