CVE-2026-42480

EUVD-2026-26677
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
opencascadeopen_cascade_technology
𝑥
≤ 7.9.3
opencascadeopen_cascade_technology
8.0.0:beta1
opencascadeopen_cascade_technology
8.0.0:rc1
opencascadeopen_cascade_technology
8.0.0:rc2
opencascadeopen_cascade_technology
8.0.0:rc3
opencascadeopen_cascade_technology
8.0.0:rc4
opencascadeopen_cascade_technology
8.0.0:rc5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a