CVE-2026-42480: n/a
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
AI Analysis
Technical Summary
This vulnerability involves a stack-based out-of-bounds read in the VRML parser of Open CASCADE Technology (OCCT) V8_0_0_rc5. Specifically, the VrmlData_Scene::ReadLine function improperly uses ptr[++anOffset] without verifying that the incremented offset remains within the bounds of a fixed-size stack buffer. This can lead to reading memory beyond the buffer limits when processing crafted VRML files, causing a denial of service by crashing the application. There is no CVSS score or vendor advisory indicating patch availability or mitigation steps. The vulnerability is limited to local processing of malicious VRML files and does not involve remote code execution or data disclosure.
Potential Impact
The vulnerability allows an attacker to cause a denial of service by crashing the application that parses VRML files in OCCT V8_0_0_rc5. There is no indication of code execution or data leakage. No known exploits exist in the wild. The impact is limited to availability disruption when processing malicious VRML content.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, avoid processing untrusted or unauthenticated VRML files with affected versions of OCCT. No vendor advisory or patch information is currently available to indicate an official fix or temporary workaround.
CVE-2026-42480: n/a
Description
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a stack-based out-of-bounds read in the VRML parser of Open CASCADE Technology (OCCT) V8_0_0_rc5. Specifically, the VrmlData_Scene::ReadLine function improperly uses ptr[++anOffset] without verifying that the incremented offset remains within the bounds of a fixed-size stack buffer. This can lead to reading memory beyond the buffer limits when processing crafted VRML files, causing a denial of service by crashing the application. There is no CVSS score or vendor advisory indicating patch availability or mitigation steps. The vulnerability is limited to local processing of malicious VRML files and does not involve remote code execution or data disclosure.
Potential Impact
The vulnerability allows an attacker to cause a denial of service by crashing the application that parses VRML files in OCCT V8_0_0_rc5. There is no indication of code execution or data leakage. No known exploits exist in the wild. The impact is limited to availability disruption when processing malicious VRML content.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, avoid processing untrusted or unauthenticated VRML files with affected versions of OCCT. No vendor advisory or patch information is currently available to indicate an official fix or temporary workaround.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-27T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4c881cbff5d8610019a21
Added to database: 5/1/2026, 3:36:33 PM
Last enriched: 5/1/2026, 3:51:36 PM
Last updated: 5/1/2026, 7:16:55 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.