Executive Summary

This vulnerability exists in OpenMcdf, a .NET/C# library used to manipulate Compound File Binary (CFB) files. Before version 3.1.3, the library does not detect cycles in the directory entry red-black tree structure of a CFB document. A specially crafted CFB file containing a cycle in the LeftSiblingID / RightSiblingID chain can cause the methods Storage.EnumerateEntries() and Storage.OpenStream() to enter an infinite loop.

This infinite loop consumes the calling thread indefinitely and cannot be recovered from using try/catch blocks. The issue was fixed in version 3.1.3 of OpenMcdf.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can cause a denial of service condition by making the application using OpenMcdf hang indefinitely when processing a maliciously crafted CFB file. This happens because the application thread gets stuck in an infinite loop and cannot recover, potentially leading to resource exhaustion and unavailability of the affected functionality.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, update OpenMcdf to version 3.1.3 or later, where the issue has been patched.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in OpenMcdf allows a crafted Compound File Binary (CFB) file to cause an infinite loop, leading to a denial of service by consuming the calling thread indefinitely.

This denial of service could impact the availability of applications processing untrusted CFB files, which may affect compliance with standards and regulations that require maintaining system availability and reliability, such as GDPR and HIPAA.

However, there is no direct information provided about specific impacts on data confidentiality or integrity, or explicit references to compliance with these standards.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an infinite loop caused by crafted Compound File Binary (CFB) files with cycles in the directory entry red-black tree. Detection involves identifying if OpenMcdf is processing such malicious CFB files that cause Storage.EnumerateEntries() or Storage.OpenStream() to loop indefinitely.

Since the issue is triggered by crafted CFB files, detection on your system can be done by monitoring for processes using OpenMcdf that hang or consume excessive CPU when handling CFB files.

There are no specific commands provided in the resources to detect this vulnerability directly on a network or system.

However, as a practical approach, you can:

• Monitor application logs or behavior for hangs or infinite loops when processing CFB files.
• Use process monitoring tools (e.g., top, htop on Linux; Task Manager or Process Explorer on Windows) to detect high CPU usage by applications using OpenMcdf.
• If you have access to the source or debugging environment, you could add logging around Storage.EnumerateEntries() and Storage.OpenStream() calls to detect repeated iterations or hangs.

To prevent exploitation, ensure OpenMcdf is updated to version 3.1.3 or later, where cycle detection is implemented.

Useful 0 Not Useful 0