CVE-2026-42476

Name of the Vulnerable Software and Affected Versions Open CASCADE Technology (OCCT) version V8 0 0 rc5

Description Two heap-based out-of-bounds read issues exist in the STL ASCII file parser within the RWStl Reader::ReadAscii() function. These occur because buffers returned by Standard ReadLineBuffer::ReadLine() are not properly length-validated before being used in strncasecmp or during direct byte access. A user-assisted attacker can trigger these issues by persuading a victim to open a specially crafted STL file containing extremely short lines, which may lead to a denial of service or information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.