Description
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Two heap-based out-of-bounds read bugs exist in the STL ASCII file parser of Open CASCADE Technology (OCCT) V8_0_0_rc5. The functions that read lines do not enforce proper buffer length checks before comparing with strncasecmp or directly accessing the data. An attacker can craft an STL file containing lines that are far shorter than expected; when a victim opens the file the parser reads past the end of the allocated buffer, leading to a denial of service or leaking of memory contents. The primary impact is disruption of services and potential exposure of internal data, but no code execution is indicated.

Affected Systems

The vulnerability affects the Open CASCADE Technology library (OCCT) version V8_0_0_rc5, specifically the RWStl_Reader::ReadAscii routine used to parse ASCII STL files. No other vendors or products are listed.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in CISA KEV, indicating that widespread exploitation has not yet been observed. The CVSS score of 5.5 indicates moderate severity, and the attack requires a user‑assisted scenario: an attacker must convince a victim to open a malicious STL file. This social‑engineering prerequisite limits the attack surface to environments where STL files are routinely processed. Thus the combination of denial of service and possible information leakage poses a moderate risk for organizations that accept arbitrary STL inputs.

Generated by OpenCVE AI on May 2, 2026 at 08:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OCCT to a version in which the STL parser bug has been fixed; if a patch is not yet available, download the latest release from the vendor and apply it promptly.
  • Validate incoming STL files by checking that line lengths meet minimum expectations before invoking the parser; reject files that contain significantly short lines to prevent buffer overruns.
  • If upgrading is not immediately possible, run known STL files through a sandboxed environment or add custom bounds checks that enforce correct buffer lengths in the ReadAscii call, thereby mitigating out‑of‑bounds reads related to CWE‑125.

Generated by OpenCVE AI on May 2, 2026 at 08:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Title Heap OOB Read in Open CASCADE STL ASCII Parser Causes DoS and Info Disclosure

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 01 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Opencascade
Opencascade open Cascade Technology
Weaknesses CWE-125
CPEs cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*
Vendors & Products Opencascade
Opencascade open Cascade Technology
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

Fri, 01 May 2026 15:00:00 +0000

Type Values Removed Values Added
Description Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
References

Subscriptions

Opencascade Open Cascade Technology
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:32:41.481Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42476

cve-icon Vulnrichment

Updated: 2026-05-01T18:32:32.354Z

cve-icon NVD

Status : Modified

Published: 2026-05-01T15:16:43.620

Modified: 2026-05-01T19:16:31.773

Link: CVE-2026-42476

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses