Description
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the VRML parser of Open CASCADE Technology triggers a stack-based out‑of‑bounds read when processing the escape sequence of a quoted string. The out‑of‑bounds read can allow an attacker to provide a malicious VRML file that causes the parser to read beyond a fixed‑size buffer, leading to a crash or halt of the application. The primary consequence is loss of service rather than confidentiality or integrity exposure.

Affected Systems

The vulnerability has been identified in Open CASCADE Technology (OCCT) V8_0_0_rc5. No other affected versions or vendors are listed in the available data.

Risk and Exploitability

Severity information is available: a CVSS score of 5.5, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require an attacker to provide a crafted VRML file to an application that uses OCCT’s VRML parser, implying a remote attack vector where the victim processes user‑supplied data.

Generated by OpenCVE AI on May 2, 2026 at 07:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the OCCT project website or repository for a newer release that fixes the VRML parsing issue and upgrade to that version if available.
  • If a fixed version is not immediately available, reconfigure the target application to refuse or isolate any VRML file processing, preventing untrusted data from reaching the parser.
  • As an additional safeguard, validate or sanitize VRML input before it is passed to OCCT, ensuring any escape sequences are properly bounded and no buffer overrun can occur.

Generated by OpenCVE AI on May 2, 2026 at 07:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Stack-based Out-of-Bounds Read in VRML Parser Causing Denial of Service in OCCT

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 01 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-01T18:29:14.320Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42480

cve-icon Vulnrichment

Updated: 2026-05-01T18:29:05.334Z

cve-icon NVD

Status : Received

Published: 2026-05-01T16:16:32.047

Modified: 2026-05-01T19:16:32.470

Link: CVE-2026-42480

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses