CVE-2026-42477
Modified Modified - Updated After Analysis
Heap-based Out-of-Bounds Read in Open CASCADE Technology

Publication date: 2026-05-01

Last updated on: 2026-05-10

Assigner: MITRE

Description
A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-10
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42477
EUVD
EUVD-2026-26600
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
opencascade open_cascade_technology to 7.9.3 (inc)
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based out-of-bounds read in the OBJ file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. It occurs because the function Standard_ReadLineBuffer::ReadLine() can return a very small buffer (1 byte) for minimal OBJ lines, but the function RWObj_Reader::read() calls pushIndices() with a pointer offset that assumes a larger buffer without validating its length. This can lead to reading memory outside the intended buffer.

Impact Analysis

An attacker who convinces a victim to open a specially crafted OBJ file can exploit this vulnerability to cause a denial of service (crash) or potentially obtain sensitive information from the memory of the affected application.

Compliance Impact

The vulnerability allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. This exposure of sensitive information could potentially impact compliance with data protection regulations such as GDPR or HIPAA, which require safeguarding sensitive data against unauthorized access.

However, the provided information does not specify the exact nature or type of sensitive information that could be exposed, nor does it detail the regulatory impact explicitly.

Detection Guidance

This vulnerability can be detected by analyzing the behavior of the OBJ file parser when processing crafted OBJ files that cause out-of-bounds reads. Using memory error detection tools such as AddressSanitizer (ASAN) can consistently detect the out-of-bounds read triggered by minimal or malformed OBJ lines.

Specifically, monitoring for crashes or denial of service symptoms when opening OBJ files with Open CASCADE Technology (OCCT) versions vulnerable to this issue can indicate exploitation attempts.

While no direct commands are provided, running OCCT with ASAN enabled on suspicious OBJ files can help detect the vulnerability. For example, you can run the OCCT application or test harness under ASAN and open suspect OBJ files to observe memory errors.

Mitigation Strategies

Immediate mitigation steps include avoiding opening untrusted or crafted OBJ files with vulnerable versions of Open CASCADE Technology (OCCT).

Applying patches or updates that validate the length of the buffer returned by ReadLine before further processing is essential to prevent exploitation.

If patches are not yet available, consider implementing input validation or sandboxing the OCCT application to limit the impact of potential denial of service or information disclosure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42477. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart