Description
A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap‑based out‑of‑bounds read (CWE‑122) caused by insufficient validation in the OBJ file parser, which also results in a general out‑of‑bounds read (CWE‑125). When a minimal line is read, the parser may read beyond the allocated buffer, potentially exposing memory contents or crashing the application. Attacking this weakness could result in a denial of service or leakage of sensitive data. The likely attack vector is user‑assisted, as an attacker must persuade a victim to open a crafted OBJ file. The impact is limited to the machine running the software, but the severity depends on the sensitivity of the data accessed by the read.

Affected Systems

Open CASCADE Technology (OCCT) version 8.0.0 RC5 contains the vulnerable OBJ parser. No other affected vendors or versions are publicly listed.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity vulnerability. The EPSS score is 0.012% (sub‑1%) and the vulnerability is not listed in CISA’s KEV catalog, so the current exploitation probability is low. However, because the flaw requires a user interaction to open a malicious file, the risk is primarily to environments where users can be induced to open unknown OBJ files or to compromised systems that process such files automatically. The potential impact—service disruption or data compromise—remains high if the vulnerability is successfully triggered.

Generated by OpenCVE AI on May 10, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest OCCT release that contains the parser patch
  • If the application does not require OBJ file handling, disable or remove that functionality
  • Implement strict input validation or sandboxing for any remaining OBJ file processing and monitor for anomalous memory reads or crashes

Generated by OpenCVE AI on May 10, 2026 at 15:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Heap‑Based Out‑of‑Bounds Read in OCCT OBJ Parser Leading to DoS or Information Leak

Sun, 10 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Title Heap‑Based Out‑of‑Bounds Read in OCCT OBJ Parser Leading to DoS or Information Leak

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 01 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Opencascade
Opencascade open Cascade Technology
Weaknesses CWE-125
CPEs cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*
Vendors & Products Opencascade
Opencascade open Cascade Technology
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

Fri, 01 May 2026 15:00:00 +0000

Type Values Removed Values Added
Description A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
References

Subscriptions

Opencascade Open Cascade Technology
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-10T13:22:18.770Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42477

cve-icon Vulnrichment

Updated: 2026-05-01T18:32:03.540Z

cve-icon NVD

Status : Modified

Published: 2026-05-01T15:16:43.737

Modified: 2026-05-10T14:16:50.350

Link: CVE-2026-42477

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T16:00:13Z

Weaknesses