Impact
The vulnerability exists in the VRML V2.0 parser component of Open CASCADE Technology (OCCT), specifically in the VrmlData_IndexedFaceSet::TShape routine. Malformed VRML input can cause the parser to dereference a corrupt or unvalidated pointer while constructing a shape in libTKDEVRML.so, leading to an application crash. The impact is a denial of service that can affect any system running the vulnerable OCCT library and processing untrusted VRML files.
Affected Systems
The affected software is Open CASCADE Technology version 8.0.0_rc5. No other vendor or product versions are listed in the advisory. Users running this release, or any build that includes the unpatched libTKDEVRML.so, are at risk if they parse malicious VRML content.
Risk and Exploitability
The CVSS score is 5.5, but the nature of the flaw—an unchecked pointer dereference triggered by crafted input—suggests a high likelihood of exploitation in environments where the library processes user-supplied VRML files. Exploitation requires only that a malicious VRML file be fed to the parser; no special privileges are needed. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the potential for widespread denial of service remains if the vulnerable OCCT version is deployed without restriction.
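One way to contain the crash described above while the library remains unpatched, shown as an added example that is not part of the advisory or of OCCT: run the VRML load in a child process and classify how it ended. The `parse` callback and the four stand-in functions are hypothetical; a real caller would wrap its own OCCT VRML load in the callback.

```cpp
// Added example: crash containment for an untrusted-file parser (POSIX).
#include <cerrno>
#include <csignal>
#include <cstdio>
#include <functional>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum class ParseResult { Ok, Rejected, Crashed, TimedOut, SpawnFailed };

// Runs `parse` in a forked child so a fault inside it cannot take down the caller.
// `parse` is a hypothetical callback wrapping the real VRML load; 0 means success.
ParseResult run_isolated(const std::function<int()>& parse, unsigned timeout_s) {
    pid_t pid = fork();
    if (pid < 0) return ParseResult::SpawnFailed;
    if (pid == 0) {
        alarm(timeout_s);        // SIGALRM's default action kills a hung child
        int rc = parse();
        _exit(rc == 0 ? 0 : 1);  // _exit: do not run the parent's atexit handlers
    }
    int status = 0;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) return ParseResult::SpawnFailed;
    }
    if (WIFSIGNALED(status)) {
        // Death by signal: either our own timeout or a fault such as SIGSEGV.
        return WTERMSIG(status) == SIGALRM ? ParseResult::TimedOut
                                           : ParseResult::Crashed;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? ParseResult::Ok
                                                           : ParseResult::Rejected;
}

// Constructed stand-ins for the ways a parser run can end.
int parse_ok() { return 0; }
int parse_bad_syntax() { return 2; }
int parse_crash() { raise(SIGSEGV); return 0; }  // simulates the invalid dereference
int parse_hang() { for (;;) pause(); }

int main() {
    ParseResult r = run_isolated(parse_crash, 5);
    std::printf("crash contained: %s\n", r == ParseResult::Crashed ? "yes" : "no");
    return r == ParseResult::Crashed ? 0 : 1;
}
```

The child must hand any parsed result back through a pipe or file, since its memory is discarded on exit. A `Crashed` or `TimedOut` result is worth logging together with the input file's hash for later triage.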