CVE-2026-42478: n/a
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.
AI Analysis
Technical Summary
CVE-2026-42478 describes a denial of service vulnerability in the VrmlData_IndexedFaceSet::TShape function of the VRML V2.0 parser within Open CASCADE Technology (OCCT) version V8_0_0_rc5. The vulnerability is triggered by specially crafted VRML files that cause the parser to dereference corrupt or unvalidated pointers during the construction of shapes, specifically within the libTKDEVRML.so shared library. This results in a denial of service condition. The vulnerability was published on May 1, 2026, with no CVSS score or remediation level provided, and no known exploits reported.
Potential Impact
Successful exploitation of this vulnerability results in denial of service due to application crashes caused by pointer dereferencing errors. There is no information about code execution or data corruption impacts. The vulnerability affects the VRML parser component of OCCT V8_0_0_rc5.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround has been published at this time. Users should monitor vendor communications for updates and avoid processing untrusted VRML files until a fix is available.
CVE-2026-42478: n/a
Description
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-42478 describes a denial of service vulnerability in the VrmlData_IndexedFaceSet::TShape function of the VRML V2.0 parser within Open CASCADE Technology (OCCT) version V8_0_0_rc5. The vulnerability is triggered by specially crafted VRML files that cause the parser to dereference corrupt or unvalidated pointers during the construction of shapes, specifically within the libTKDEVRML.so shared library. This results in a denial of service condition. The vulnerability was published on May 1, 2026, with no CVSS score or remediation level provided, and no known exploits reported.
Potential Impact
Successful exploitation of this vulnerability results in denial of service due to application crashes caused by pointer dereferencing errors. There is no information about code execution or data corruption impacts. The vulnerability affects the VRML parser component of OCCT V8_0_0_rc5.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround has been published at this time. Users should monitor vendor communications for updates and avoid processing untrusted VRML files until a fix is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4c17bcbff5d8610f92aa6
Added to database: 5/1/2026, 3:06:35 PM
Last enriched: 5/1/2026, 3:21:34 PM
Last updated: 6/15/2026, 2:29:26 PM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.