Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.
AnalysisAI
Denial of service in Open CASCADE Technology (OCCT) V8_0_0_rc5 occurs when a crafted VRML V2.0 file triggers null pointer dereference during shape construction in the VrmlData_IndexedFaceSet::TShape parser. Remote unauthenticated attackers can crash applications using libTKDEVRML.so by delivering malformed VRML files, requiring no user interaction (CVSS AV:N/AC:L/PR:N/UI:N). EPSS score not available; no public exploit identified at time of analysis. Affects 3D CAD/visualization applications integrating OCCT for VRML import.
Technical ContextAI
Open CASCADE Technology (OCCT) is an open-source 3D modeling kernel widely used in CAD, CAM, and visualization applications. The VRML (Virtual Reality Modeling Language) V2.0 parser in libTKDEVRML.so handles import of scene graph data. CWE-476 (NULL Pointer Dereference) occurs in VrmlData_IndexedFaceSet::TShape during face set construction when the parser fails to validate pointer integrity before dereferencing. This indicates insufficient input validation on VRML geometry descriptors (coordIndex, texCoordIndex, or normalIndex fields). The vulnerability affects the geometry processing pipeline at parse time, before scene construction completes. CPE data is malformed (n/a:n/a) suggesting limited vendor coordination, but the specific affected version (V8_0_0_rc5) and library (libTKDEVRML.so) are confirmed by description and PoC reference.
RemediationAI
Upgrade to a stable OCCT release newer than V8_0_0_rc5 that includes null pointer validation in VrmlData_IndexedFaceSet::TShape. No vendor-released patch version independently confirmed from available data - check OCCT GitHub repository (https://github.com/Open-Cascade-SAS/OCCT) for commits addressing CWE-476 in VRML parser after rc5 timeframe. If immediate upgrade not feasible, implement compensating controls: disable VRML import functionality in applications where not required (reduces attack surface but eliminates feature); validate VRML files with strict schema checking before passing to OCCT parser (reduces malformed input but adds processing overhead and may not catch all malformed pointers); run VRML parsing in sandboxed processes with crash recovery to limit denial of service to isolated workers (contains impact but does not prevent crashes). Monitor application logs for repeated crashes in libTKDEVRML.so as potential exploitation indicator. For automated pipelines, implement file format allowlisting to reject VRML if not business-critical.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26601