Description

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.

INFO

Published Date :

2026-05-01T00:00:00.000Z

Last Modified :

2026-05-01T18:32:41.481Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42476 vulnerability.

Vendors Products
Opencascade
  • Open Cascade Technology
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42476.

URL Resource
https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact