CVE-2026-42479

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H                                    

Vulnerability Description

An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.

Vulnerability Details

Published Date

May 01, 2026

Last Modified

May 01, 2026

CWE ID

CWE-125

Source

NVD

Vendor

opencascade

Product

open_cascade_technology

External References

https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment