CVE-2026-42241

Name of the Vulnerable Software and Affected Versions ParquetSharp versions 18.1.0 through 23.0.0

Description ParquetSharp is a .NET library used for reading and writing Apache Parquet files. The ReadDecimal() function in DecimalConverter performs a stackalloc operation using a value that can be supplied by an attacker. By declaring a decimal column with an unreasonable width, an attacker can trigger a stack overflow, which may result in a denial of service by taking down the application in a service environment. This issue specifically impacts applications that use the library to read untrusted Parquet files within a network service.

Recommendations Update to version 23.0.0.1.