CVE-2026-42476: n/a
CVE-2026-42476 is a vulnerability in Open CASCADE Technology (OCCT) V8_0_0_rc5 involving two heap-based out-of-bounds read issues in the STL ASCII file parser. These occur because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly validated for length before being accessed, potentially leading to denial of service or information disclosure when opening crafted STL files with very short lines. The vulnerability requires user interaction to trigger and no official patch or remediation guidance has been provided yet.
AI Analysis
Technical Summary
This vulnerability affects the STL ASCII file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, the RWStl_Reader::ReadAscii function does not properly validate the length of buffers returned by Standard_ReadLineBuffer::ReadLine() before using strncasecmp or direct byte access. This results in two heap-based out-of-bounds read vulnerabilities. An attacker can exploit these by convincing a user to open a maliciously crafted STL file containing extremely short lines, which may cause a denial of service or potentially leak information from memory.
Potential Impact
Successful exploitation can lead to denial of service or possible information disclosure due to out-of-bounds reads. The attack requires user assistance, as the victim must open a specially crafted STL file. There is no indication of remote code execution or broader system compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented at this time. Users should exercise caution when opening STL files from untrusted sources until a patch or mitigation is available.
CVE-2026-42476: n/a
Description
CVE-2026-42476 is a vulnerability in Open CASCADE Technology (OCCT) V8_0_0_rc5 involving two heap-based out-of-bounds read issues in the STL ASCII file parser. These occur because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly validated for length before being accessed, potentially leading to denial of service or information disclosure when opening crafted STL files with very short lines. The vulnerability requires user interaction to trigger and no official patch or remediation guidance has been provided yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the STL ASCII file parser component of Open CASCADE Technology (OCCT) version V8_0_0_rc5. Specifically, the RWStl_Reader::ReadAscii function does not properly validate the length of buffers returned by Standard_ReadLineBuffer::ReadLine() before using strncasecmp or direct byte access. This results in two heap-based out-of-bounds read vulnerabilities. An attacker can exploit these by convincing a user to open a maliciously crafted STL file containing extremely short lines, which may cause a denial of service or potentially leak information from memory.
Potential Impact
Successful exploitation can lead to denial of service or possible information disclosure due to out-of-bounds reads. The attack requires user assistance, as the victim must open a specially crafted STL file. There is no indication of remote code execution or broader system compromise from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented at this time. Users should exercise caution when opening STL files from untrusted sources until a patch or mitigation is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4c17bcbff5d8610f92aa0
Added to database: 5/1/2026, 3:06:35 PM
Last enriched: 5/1/2026, 3:21:46 PM
Last updated: 5/1/2026, 6:00:09 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.