Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
AnalysisAI
Stack-based out-of-bounds read in Open CASCADE Technology (OCCT) V8_0_0_rc5 VRML parser allows local attackers with low privileges to cause denial of service by submitting a crafted VRML file. The vulnerability stems from unsafe pointer arithmetic in the quoted-string escape handler that reads past a fixed-size stack buffer without bounds validation. CISA SSVC assessment indicates exploitation is not currently active and not readily automatable, suggesting this is a localized attack requiring user interaction with malicious files.
Technical ContextAI
The vulnerability exists in the VrmlData_Scene::ReadLine function within OCCT's VRML (Virtual Reality Modeling Language) file parser. VRML is a text-based 3D graphics format that uses quoted strings for data encoding. The root cause (CWE-125: Out-of-bounds Read) occurs in the escape sequence handler for quoted strings, where the code uses ptr[++anOffset] to read characters without verifying that anOffset remains within the bounds of a fixed-size stack buffer. This allows reading arbitrary stack memory adjacent to the buffer. The vulnerable component is part of OCCT's 3D geometry and modeling library, which is used in CAD/CAM applications, engineering software, and 3D visualization tools.
RemediationAI
Upgrade to a patched version of Open CASCADE Technology released after V8_0_0_rc5. Exact patch version numbers are not specified in the available data; contact Open CASCADE Technology support or consult their security advisories for the specific fixed release. As an immediate workaround, restrict processing of VRML files from untrusted sources, implement file validation at the application boundary, and disable VRML import features if not required. Monitor OCCT-dependent applications for unexpected crashes or high memory access patterns that may indicate exploitation attempts. Note that these workarounds reduce functionality and should be temporary pending a permanent patch deployment.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26677