CVE-2026-42480
Analyzed Analyzed - Analysis Complete
Stack-Based Out-of-Bounds Read in Open CASCADE Technology VRML Parser

Publication date: 2026-05-01

Last updated on: 2026-06-01

Assigner: MITRE

Description
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42480
EUVD
EUVD-2026-26677
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
opencascade open_cascade_technology to 7.9.3 (inc)
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
opencascade open_cascade_technology 8.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based out-of-bounds read in the VRML parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, it occurs in the VrmlData_Scene::ReadLine function when handling quoted-string escapes. The code uses an incremented pointer without proper bounds checking, which can cause it to read beyond the end of a fixed-size stack buffer.

An attacker can exploit this by providing a specially crafted VRML file that triggers this out-of-bounds read.

Impact Analysis

The primary impact of this vulnerability is that it allows an attacker to cause a denial of service (DoS) condition. By exploiting the out-of-bounds read, the attacker can crash the application or cause it to behave unexpectedly, potentially disrupting normal operations.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by analyzing the behavior of the VRML parser in Open CASCADE Technology (OCCT) when processing crafted VRML files. Specifically, tools like AddressSanitizer (ASAN) can be used to detect out-of-bounds reads triggered by malformed input files.

A practical approach is to run the vulnerable OCCT version with ASAN enabled and feed it crafted VRML files designed to trigger the vulnerability. ASAN will report out-of-bounds memory reads during execution.

  • Use AddressSanitizer (ASAN) to run the OCCT VRML parser and monitor for out-of-bounds reads.
  • Prepare or obtain crafted VRML files that trigger the vulnerability.
  • Example command to run OCCT with ASAN (assuming ASAN is enabled in the build): `ASAN_OPTIONS=detect_stack_use_after_return=1 ./occt_vrml_parser vulnerable_file.wrl`
Mitigation Strategies

Immediate mitigation involves avoiding the processing of untrusted or crafted VRML files with vulnerable versions of Open CASCADE Technology (OCCT).

Applying patches or updates that validate the length returned by the ReadLine function before further parsing is the recommended fix.

  • Do not process VRML files from untrusted sources until a patched version of OCCT is applied.
  • Update OCCT to a version where the ReadLine return length is properly validated to prevent out-of-bounds reads.
  • If updating is not immediately possible, consider sandboxing or isolating the VRML parsing process to limit potential denial of service impact.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42480. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart