Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
AnalysisAI
Heap-based out-of-bounds reads in Open CASCADE Technology (OCCT) V8_0_0_rc5 STL ASCII parser allow local attackers to trigger denial of service or disclose process memory by convincing users to open maliciously crafted STL files with extremely short lines. The vulnerability stems from improper length validation of buffers returned by Standard_ReadLineBuffer::ReadLine() before strncasecmp operations or direct byte access in RWStl_Reader::ReadAscii. CVSS score of 7.1 reflects high confidentiality and availability impact requiring user interaction. No public exploit code, active exploitation (CISA KEV), or vendor patch information identified at time of analysis, though technical details are publicly available via GitHub Gist.
Technical ContextAI
Open CASCADE Technology (OCCT) is an open-source 3D modeling framework widely used in CAD/CAM/CAE applications for geometric processing and visualization. The vulnerability resides in the STL (STereoLithography) ASCII file parser, specifically in the RWStl_Reader::ReadAscii function which processes text-based 3D mesh data. STL ASCII files describe triangular mesh geometry using human-readable text. The parser uses Standard_ReadLineBuffer::ReadLine() to read file lines but fails to validate buffer lengths before passing them to strncasecmp (case-insensitive string comparison) or performing direct byte-level operations. When processing malformed STL files with extremely short lines, the parser attempts to read beyond allocated heap buffer boundaries (CWE-125: Out-of-bounds Read). This heap-based buffer over-read can leak adjacent memory contents or cause process crashes when invalid memory regions are accessed. The affected version V8_0_0_rc5 indicates a release candidate build, suggesting pre-production code.
RemediationAI
No vendor-released patch or fixed version is identified in the available data. Organizations using Open CASCADE Technology V8_0_0_rc5 should check the official OCCT GitHub repository (https://github.com/Open-Cascade-SAS/OCCT) and Open CASCADE website for security advisories addressing CVE-2026-42476, particularly in stable 8.0.0 or later releases. If a patched version is released, upgrade OCCT library and recompile dependent applications. Compensating controls for unpatched environments: (1) Restrict STL file processing to trusted sources only - implement file origin validation before parsing, though this may break workflows requiring external model import; (2) Deploy OCCT-based applications in sandboxed environments (containers, VMs with limited privileges) to contain information disclosure impact, with overhead of maintaining isolated runtime environments; (3) Implement input validation wrapper to pre-scan STL files for abnormally short lines before passing to OCCT parser, though this requires custom development and may not catch all malformed inputs; (4) Disable STL ASCII format support if binary STL processing suffices for operational requirements, eliminating attack surface but reducing file format compatibility. The GitHub Gist reference (https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a) may contain additional technical details useful for developing detection signatures or input validation rules.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26599