Description
A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap‑based out‑of‑bounds read caused by insufficient validation in the OBJ file parser. When a minimal line is read, the parser may read beyond the allocated buffer, potentially exposing memory contents or crashing the application. Attacking this weakness could result in a denial of service or leakage of sensitive data. This is a classic example of a CWE‑125 vulnerability: Out‑of‑Bounds Read. The likely attack vector is user‑assisted, as an attacker must persuade a victim to open a crafted OBJ file. The impact is limited to the machine running the software, but the severity depends on the sensitivity of the data accessed by the read.

Affected Systems

Open CASCADE Technology (OCCT) version 8.0.0 RC5 contains the vulnerable OBJ parser. No other affected vendors or versions are publicly listed.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity vulnerability. The EPSS score is unavailable and the vulnerability is not listed in CISA’s KEV catalog, so the current exploitation probability is unclear. However, because the flaw requires a user interaction to open a malicious file, the risk is primarily to environments where users can be induced to open unknown OBJ files or to compromised systems that process such files automatically. The potential impact—service disruption or data compromise—remains high if the vulnerability is successfully triggered. Organizations should treat this as a significant risk when the software processes external OBJ files.

Generated by OpenCVE AI on May 2, 2026 at 08:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest OCCT release that contains the parser patch
  • If the application does not require OBJ file handling, disable or remove that functionality
  • Implement strict input validation or sandboxing for any remaining OBJ file processing and monitor for anomalous memory reads or crashes

Generated by OpenCVE AI on May 2, 2026 at 08:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Title Heap‑Based Out‑of‑Bounds Read in OCCT OBJ Parser Leading to DoS or Information Leak

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 01 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Opencascade
Opencascade open Cascade Technology
Weaknesses CWE-125
CPEs cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*
Vendors & Products Opencascade
Opencascade open Cascade Technology
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

Fri, 01 May 2026 15:00:00 +0000

Type Values Removed Values Added
Description A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
References

Subscriptions

Opencascade Open Cascade Technology
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:32:07.533Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42477

cve-icon Vulnrichment

Updated: 2026-05-01T18:32:03.540Z

cve-icon NVD

Status : Modified

Published: 2026-05-01T15:16:43.737

Modified: 2026-05-01T19:16:31.937

Link: CVE-2026-42477

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:15:16Z

Weaknesses