CVE-2026-42480
Stack-Based Out-of-Bounds Read in Open CASCADE Technology VRML Parser
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_cascade_technology | occt | 8.0.0_rc5 |
| open_cascade_technology | occt | 7.8.1 |
| open_cascade_technology | occt | From 7.8.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based out-of-bounds read in the VRML parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, it occurs in the VrmlData_Scene::ReadLine function when handling quoted-string escapes. The code uses an incremented pointer without proper bounds checking, which can cause it to read beyond the end of a fixed-size stack buffer.
An attacker can exploit this by providing a specially crafted VRML file that triggers this out-of-bounds read.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that it allows an attacker to cause a denial of service (DoS) condition. By exploiting the out-of-bounds read, the attacker can crash the application or cause it to behave unexpectedly, potentially disrupting normal operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the behavior of the VRML parser in Open CASCADE Technology (OCCT) when processing crafted VRML files. Specifically, tools like AddressSanitizer (ASAN) can be used to detect out-of-bounds reads triggered by malformed input files.
A practical approach is to run the vulnerable OCCT version with ASAN enabled and feed it crafted VRML files designed to trigger the vulnerability. ASAN will report out-of-bounds memory reads during execution.
- Use AddressSanitizer (ASAN) to run the OCCT VRML parser and monitor for out-of-bounds reads.
- Prepare or obtain crafted VRML files that trigger the vulnerability.
- Example command to run OCCT with ASAN (assuming ASAN is enabled in the build): `ASAN_OPTIONS=detect_stack_use_after_return=1 ./occt_vrml_parser vulnerable_file.wrl`
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding the processing of untrusted or crafted VRML files with vulnerable versions of Open CASCADE Technology (OCCT).
Applying patches or updates that validate the length returned by the ReadLine function before further parsing is the recommended fix.
- Do not process VRML files from untrusted sources until a patched version of OCCT is applied.
- Update OCCT to a version where the ReadLine return length is properly validated to prevent out-of-bounds reads.
- If updating is not immediately possible, consider sandboxing or isolating the VRML parsing process to limit potential denial of service impact.