Skip to main content

Open CASCADE Technology CVE-2026-42477

| EUVDEUVD-2026-26600 HIGH
Out-of-bounds Read (CWE-125)
2026-05-01 mitre
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 17:53 vuln.today
CVSS changed
May 01, 2026 - 17:52 NVD
7.1 (HIGH)
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26600
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
HIGH 7.1

DescriptionCVE.org

A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.

AnalysisAI

Heap-based out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 OBJ file parser allows local attackers to cause denial of service or leak sensitive memory contents when victims open malicious OBJ files. The vulnerability stems from missing buffer length validation in RWObj_Reader::read() after Standard_ReadLineBuffer::ReadLine() returns minimal 1-byte buffers, leading to unsafe memory access at aLine + 2. EPSS data not available; no confirmed active exploitation or public proof-of-concept identified at time of analysis. Requires user interaction, limiting automated exploitation potential.

Technical ContextAI

Open CASCADE Technology (OCCT) is an open-source software development platform for 3D CAD, CAM, CAE applications widely used in engineering and manufacturing software. The vulnerability resides in the OBJ file format parser, specifically in the RWObj_Reader::read() function which processes Wavefront OBJ geometry files. The root cause is a classic CWE-125 out-of-bounds read: when Standard_ReadLineBuffer::ReadLine() returns a minimal valid OBJ line with only 1 byte of data, the subsequent call to pushIndices(aLine + 2) attempts to access memory 2 bytes beyond the allocated buffer without prior length validation. This occurs during the parsing of vertex indices or face definitions in malformed OBJ files. The heap-based nature means the read occurs in dynamically allocated memory, potentially exposing heap metadata, adjacent object data, or causing segmentation faults depending on memory layout.

RemediationAI

Upgrade to Open CASCADE Technology version 8.0.0 final or later if available, as rc5 is a pre-release version. Users should verify with the Open3D Foundation whether stable 8.x releases incorporate fixes for this parsing issue, as no official vendor advisory was identified in the references. Until patching is confirmed available, implement compensating controls: restrict OBJ file processing to trusted sources only, deploy OCCT-based applications in sandboxed environments with limited memory access (containers, VMs with restricted heap permissions), and implement file validation layers that reject OBJ files with anomalously short vertex or face definition lines before passing to OCCT parser. For high-risk environments processing untrusted 3D content, consider using alternative OBJ parsers with better input validation as a temporary measure, though this may require application refactoring. Enable address space layout randomization (ASLR) and heap protection mechanisms on systems running OCCT applications to reduce information disclosure impact. Note that input sanitization at application level may conflict with legitimate minimal OBJ files, requiring testing with production geometry datasets. Reference PoC analysis at https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a for understanding malicious file structure.

Share

CVE-2026-42477 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy