CVE-2026-42481

Published: May 1, 2026Modified: Jun 1, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure.

Affected (7)

Products: Opencascade: Open Cascade Technology

Opencascade

1 product

Open Cascade Technology

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Opencascade Open Cascade Technology	Up to 7.9.3
Opencascade Open Cascade Technology	Version 8.0.0 beta1
Opencascade Open Cascade Technology	Version 8.0.0 rc1
Opencascade Open Cascade Technology	Version 8.0.0 rc2
Opencascade Open Cascade Technology	Version 8.0.0 rc3
Opencascade Open Cascade Technology	Version 8.0.0 rc4
Opencascade Open Cascade Technology	Version 8.0.0 rc5

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.