CVE-2026-42477
Heap-based Out-of-Bounds Read in Open CASCADE Technology
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opencascade | open_cascade_technology | to 7.9.3 (inc) |
| opencascade | open_cascade_technology | 8.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. This exposure of sensitive information could potentially impact compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding sensitive data against unauthorized access.
However, the provided information does not specify the exact nature or type of sensitive information that could be exposed, nor does it detail the regulatory impact explicitly.
Can you explain this vulnerability to me?
This vulnerability is a heap-based out-of-bounds read in the OBJ file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. It occurs because the function Standard_ReadLineBuffer::ReadLine() can return a very small buffer (1 byte) for minimal OBJ lines, but the function RWObj_Reader::read() calls pushIndices() with a pointer offset that assumes a larger buffer without validating its length. This can lead to reading memory outside the intended buffer.
How can this vulnerability impact me?
An attacker who convinces a victim to open a specially crafted OBJ file can exploit this vulnerability to cause a denial of service (crash) or potentially obtain sensitive information from the memory of the affected application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the behavior of the OBJ file parser when processing crafted OBJ files that cause out-of-bounds reads. Using memory error detection tools such as AddressSanitizer (ASAN) can consistently detect the out-of-bounds read triggered by minimal or malformed OBJ lines.
Specifically, monitoring for crashes or denial of service symptoms when opening OBJ files with Open CASCADE Technology (OCCT) versions vulnerable to this issue can indicate exploitation attempts.
While no direct commands are provided, running OCCT with ASAN enabled on suspicious OBJ files can help detect the vulnerability. For example, you can run the OCCT application or test harness under ASAN and open suspect OBJ files to observe memory errors.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening untrusted or crafted OBJ files with vulnerable versions of Open CASCADE Technology (OCCT).
Applying patches or updates that validate the length of the buffer returned by ReadLine before further processing is essential to prevent exploitation.
If patches are not yet available, consider implementing input validation or sandboxing the OCCT application to limit the impact of potential denial of service or information disclosure.
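The unchecked pointer offset described in the explanation above, next to the length validation named as the fix, as an added example that is not OCCT code. The line_buf type, the function names and the 2-byte keyword skip are assumptions made for illustration, and the sample lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for what a line reader hands back; not OCCT's type. */
typedef struct {
    const char *data;
    size_t      len;   /* valid bytes, including the trailing '\0' */
} line_buf;

enum { PARSE_OK = 0, PARSE_SKIPPED = 1, PARSE_MALFORMED = -1 };

/* Hypothetical consumer of the text after the keyword: counts index tokens. */
int count_index_tokens(const char *p) {
    int n = 0;
    while (*p) {
        while (*p == ' ' || *p == '\t') p++;
        if (!*p) break;
        n++;
        while (*p && *p != ' ' && *p != '\t') p++;
    }
    return n;
}

/* "Before": skips an assumed 2-byte keyword without consulting len.
   With a 1-byte buffer, data + 2 already points past the allocation. */
int parse_face_unchecked(line_buf ln, int *ntok) {
    *ntok = count_index_tokens(ln.data + 2);
    return PARSE_OK;
}

/* "After": prove the bytes exist before offsetting into the buffer. */
int parse_face_checked(line_buf ln, int *ntok) {
    *ntok = 0;
    if (!ln.data || ln.len == 0 || ln.data[ln.len - 1] != '\0')
        return PARSE_MALFORMED;            /* no usable, terminated buffer */
    if (ln.len < 3)                        /* too short for 'f', ' ', '\0' */
        return PARSE_SKIPPED;
    if (ln.data[0] != 'f' || ln.data[1] != ' ')
        return PARSE_SKIPPED;              /* not a face record */
    *ntok = count_index_tokens(ln.data + 2);
    return *ntok >= 3 ? PARSE_OK : PARSE_MALFORMED;  /* a face needs 3+ vertices */
}

int main(void) {
    line_buf tiny = { "", 1 };             /* constructed 1-byte line */
    int n;
    printf("checked result on 1-byte line: %d\n", parse_face_checked(tiny, &n));
    return 0;
}
```

The checked variant never forms a pointer beyond len, so a sanitizer build stays quiet on short lines while well-formed face records parse as before.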