CVE-2026-42480

Open CASCADE Technology V8_0_0_rc5 - DoS

Title source: llm

Description

A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.

References (1)

Core 1

Core References

https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a

Scores

EPSS 0.0001

EPSS Percentile 2.1%

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Published May 01, 2026

Tracked Since May 01, 2026