CVE-2026-42476
Heap-based Out-of-Bounds Reads in Open CASCADE Technology
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opencascade | open_cascade_technology | to 7.9.3 (inc) |
| opencascade | open_cascade_technology | 8.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can be triggered by a user opening a maliciously crafted STL file. The impacts include denial of service (DoS), where the application may crash or become unstable due to the out-of-bounds memory access.
Additionally, there is a possibility of information disclosure, where sensitive data from adjacent memory could be read unintentionally due to the out-of-bounds read.
Can you explain this vulnerability to me?
CVE-2026-42476 is a memory safety vulnerability in Open CASCADE Technology (OCCT) related to its STL ASCII file parser. Specifically, it involves two heap-based out-of-bounds read issues in the function RWStl_Reader::ReadAscii. The problem arises because buffers returned by the ReadLine function are not properly checked for their length before being used in string comparison or direct byte access operations.
An attacker can exploit this by crafting an STL file with extremely short lines that cause the ReadLine function to return very small buffers (1-3 bytes). Since the code does not validate the length of these buffers before parsing, it can read beyond the allocated memory, leading to out-of-bounds reads.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by using AddressSanitizer (ASAN) or similar memory safety tools to monitor for out-of-bounds reads when processing STL files with the affected Open CASCADE Technology (OCCT) versions.
Specifically, running the OCCT STL ASCII file parser on crafted STL files that contain extremely short lines (1-3 bytes) can trigger the vulnerability and cause ASAN to detect the out-of-bounds read.
A suggested approach is to use a proof-of-concept STL file known to trigger the issue and run the OCCT tool under ASAN or another memory error detector to observe any memory violations.
- Use AddressSanitizer (ASAN) to run the OCCT STL parser: compile OCCT with ASAN enabled and process suspicious STL files.
- Monitor logs or error outputs for out-of-bounds read errors during file parsing.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves validating the length of buffers returned by the ReadLine function before any parsing or memory access operations.
Until a patched version of OCCT is applied, avoid opening or processing untrusted or suspicious STL files that may contain extremely short lines designed to trigger the vulnerability.
Applying updates or patches that include the fix (validating the ReadLine return length before proceeding) is the recommended long-term solution.
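The length check described above, sketched as an added example (not OCCT's code and not the actual patch): `Line`, `Token`, `classify` and `classify_bytes` are hypothetical names, and the keyword table is the usual ASCII STL keyword set. Every comparison is gated on the number of bytes the reader actually returned, so a 1-3 byte line is rejected instead of over-read.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for what a line reader hands back: a pointer and the
// number of valid bytes. Not OCCT's type; no NUL terminator is assumed.
struct Line { const char* data; std::size_t len; };

enum class Token { Solid, Facet, OuterLoop, Vertex, EndLoop, EndFacet, EndSolid, Unknown };

// Unsafe pattern, shown for contrast only and never called:
//   if (std::strncmp(line.data, "facet", 5) == 0) ...
// With a 1-byte heap buffer holding 'f' this can read past the allocation.

// Length-checked prefix match: compare only when enough bytes remain.
static bool has_prefix(Line l, std::size_t off, const char* kw) {
    std::size_t n = std::strlen(kw);
    return off <= l.len && l.len - off >= n && std::memcmp(l.data + off, kw, n) == 0;
}

// Classify one ASCII STL line without touching bytes beyond l.len.
Token classify(Line l) {
    std::size_t i = 0;
    while (i < l.len && (l.data[i] == ' ' || l.data[i] == '\t')) ++i;  // bounded skip
    static const struct { const char* kw; Token t; } table[] = {
        {"endsolid", Token::EndSolid}, {"endfacet", Token::EndFacet},
        {"endloop", Token::EndLoop},   {"outer loop", Token::OuterLoop},
        {"vertex", Token::Vertex},     {"facet", Token::Facet},
        {"solid", Token::Solid},
    };
    for (const auto& e : table)
        if (has_prefix(l, i, e.kw)) return e.t;
    return Token::Unknown;
}

// Copy n bytes into an exact-size heap buffer (constructed test input), so a
// sanitizer build would flag any read past the end, then classify it.
Token classify_bytes(const char* bytes, std::size_t n) {
    std::vector<char> heap(bytes, bytes + n);
    return classify(Line{heap.data(), heap.size()});
}

int main() {
    std::printf("1-byte line 'f' -> %d\n", static_cast<int>(classify_bytes("f", 1)));
    std::printf("'  facet normal' -> %d\n", static_cast<int>(classify_bytes("  facet normal", 14)));
    return 0;
}
```

Building this with `-fsanitize=address` and feeding it short lines is a quick way to confirm that no comparison runs past the returned length.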
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.