5.5

CVE-2026-42481

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure.
Data provided by the National Vulnerability Database (NVD)
Opencascade Open Cascade Technology Version <= 7.9.3
Opencascade Open Cascade Technology Version 8.0.0 Update beta1
Opencascade Open Cascade Technology Version 8.0.0 Update rc1
Opencascade Open Cascade Technology Version 8.0.0 Update rc2
Opencascade Open Cascade Technology Version 8.0.0 Update rc3
Opencascade Open Cascade Technology Version 8.0.0 Update rc4
Opencascade Open Cascade Technology Version 8.0.0 Update rc5
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.01
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a
Third Party Advisory