CVE-2026-42476: n/a
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
AI Analysis
Technical Summary
This vulnerability affects the STL ASCII file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, the RWStl_Reader::ReadAscii function does not properly validate the length of buffers returned by Standard_ReadLineBuffer::ReadLine() before using strncasecmp or direct byte access. This results in two heap-based out-of-bounds read vulnerabilities. An attacker can exploit these by convincing a user to open a maliciously crafted STL file containing extremely short lines, which may cause a denial of service or potentially leak information from memory.
Potential Impact
Successful exploitation can lead to denial of service or possible information disclosure due to out-of-bounds reads. The attack requires user assistance, as the victim must open a specially crafted STL file. There is no indication of remote code execution or broader system compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented at this time. Users should exercise caution when opening STL files from untrusted sources until a patch or mitigation is available.
CVE-2026-42476: n/a
Description
Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the STL ASCII file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, the RWStl_Reader::ReadAscii function does not properly validate the length of buffers returned by Standard_ReadLineBuffer::ReadLine() before using strncasecmp or direct byte access. This results in two heap-based out-of-bounds read vulnerabilities. An attacker can exploit these by convincing a user to open a maliciously crafted STL file containing extremely short lines, which may cause a denial of service or potentially leak information from memory.
Potential Impact
Successful exploitation can lead to denial of service or possible information disclosure due to out-of-bounds reads. The attack requires user assistance, as the victim must open a specially crafted STL file. There is no indication of remote code execution or broader system compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented at this time. Users should exercise caution when opening STL files from untrusted sources until a patch or mitigation is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4c17bcbff5d8610f92aa0
Added to database: 5/1/2026, 3:06:35 PM
Last enriched: 5/1/2026, 3:21:46 PM
Last updated: 6/15/2026, 7:56:59 PM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.