CVE-2026-42479
Last modified
CVE-2026-42479 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.. EPSS estimates a 0.10% chance of exploitation in the next 30 days.
Description
An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Opencascade | Open Cascade Technology | <= 7.9.3 | — |
| Opencascade | Open Cascade Technology | 8.0.0 | Beta1 |
References
- https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94aThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-42479?
How severe is CVE-2026-42479?
How do I fix CVE-2026-42479?
Are you affected by CVE-2026-42479?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST