CVE-2026-42478
EUVD-2026-2660101.05.2026, 15:16
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opencascade | open_cascade_technology | 𝑥 ≤ 7.9.3 |
| opencascade | open_cascade_technology | 8.0.0:beta1 |
| opencascade | open_cascade_technology | 8.0.0:rc1 |
| opencascade | open_cascade_technology | 8.0.0:rc2 |
| opencascade | open_cascade_technology | 8.0.0:rc3 |
| opencascade | open_cascade_technology | 8.0.0:rc4 |
| opencascade | open_cascade_technology | 8.0.0:rc5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-476 - NULL Pointer DereferenceA NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.