The vulnerability in Open CASCADE Technology (OCCT) V8_0_0_rc5 involves a heap-based out-of-bounds read in the OBJ file parser's RWObj_Reader::read function. The root cause is that Standard_ReadLineBuffer::ReadLine() may return a buffer of only 1 byte for minimal OBJ lines, but RWObj_Reader::read() calls pushIndices(aLine + 2) without checking if the buffer length is sufficient. This can lead to reading memory beyond the allocated buffer, which may cause application crashes (denial of service) or disclosure of sensitive information. The vulnerability requires user assistance, as it depends on opening a crafted OBJ file. The CVSS vector indicates local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high availability impact. No patch or vendor advisory is currently available, and the vulnerability is not in a cloud service.

Successful exploitation can cause a denial of service by crashing the application processing the crafted OBJ file or potentially allow an attacker to read sensitive memory contents. The impact is limited to availability and information disclosure, with no direct impact on confidentiality or integrity. The attack requires local access and user assistance to open the malicious file. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should exercise caution when opening OBJ files from untrusted sources to avoid triggering this vulnerability. No official fix or temporary workaround has been published.