CVSS base score: 7.1

CVE-2026-42476

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
Data provided by the National Vulnerability Database (NVD)
Opencascade Open Cascade Technology, Version <= 7.9.3
Opencascade Open Cascade Technology, Version 8.0.0 Update beta1
Opencascade Open Cascade Technology, Version 8.0.0 Update rc1
Opencascade Open Cascade Technology, Version 8.0.0 Update rc2
Opencascade Open Cascade Technology, Version 8.0.0 Update rc3
Opencascade Open Cascade Technology, Version 8.0.0 Update rc4
Opencascade Open Cascade Technology, Version 8.0.0 Update rc5
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.11% | 0.013
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a
Third Party Advisory