Project

General

Profile

Actions
Copy link

Bug #1214

closed

Unbounded recursion in XMLParser library

Added by Marco Eichelberg 1 day ago. Updated about 15 hours ago.

Status:
Closed
Priority:
Normal
Assignee:
Marco Eichelberg
Category:
Library and Apps
Target version:
-
Start date:
2026-05-24
Due date:
% Done:

100%

Estimated time:
2:00 h
Module:
ofstd
Operating System:
Compiler:

Description

The methods XMLNode::ParseXMLElement() and XMLNode::emptyTheNode() in ofstd/libsrc/ofxml.cc recurse on the stack for each XML nesting level with no depth limit.
Reading an XML file with an extremely high nesting level (60,000 levels) triggers a stack overflow.

This can be demonstrated with the attached PoC file: dcmencap poc.xml poc.dcm

Reported 2026-05-19 by Arjun Basnet, Senior Security Researcher, Securin.

Files

poc.xml (1.43 MB) poc.xml PoC file Marco Eichelberg, 2026-05-24 19:16
Actions
Copy link
 #1

Updated by Marco Eichelberg 1 day ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
  • Estimated time set to 2:00 h

Closed by commit #d12e350e6.

Actions
Copy link
 #2

Updated by Marco Eichelberg about 16 hours ago

This issue has been registered as CVE-2026-44033.

Actions
Copy link
 #3

Updated by Marco Eichelberg about 15 hours ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF