PT-2026-36476 · Unknown · Open Cascade Technology

Feng Ning · Published 2026-05-01 · Updated 2026-05-01 · CVE-2026-42477

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Open CASCADE Technology (OCCT) version V8_0_0_rc5

Description

A heap-based out-of-bounds read in the OBJ file parser occurs within the RWObj_Reader::read function. This happens because Standard_ReadLineBuffer::ReadLine() may return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() subsequently calls pushIndices(aLine + 2) without validating the buffer length. User-assisted attackers can exploit this by persuading a victim to open a specially crafted OBJ file, potentially leading to a denial of service or the disclosure of sensitive information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
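
The length check that the description says is missing, shown as an added example: this is not OCCT code and not a patch from the project. `classifyObjLine`, `ObjRecord` and `ParsedLine` are hypothetical names, and the caller is assumed to know the exact number of readable bytes in the line buffer.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical record kinds for a simplified OBJ line classifier (not OCCT types).
enum class ObjRecord { Empty, Vertex, Face, Other, Malformed };

struct ParsedLine
{
  ObjRecord   kind;
  const char* payload;    // first byte after the "f " / "v " prefix, or nullptr
  std::size_t payloadLen; // readable payload bytes, terminator excluded
};

// Classify one line stored in a buffer of exactly `len` readable bytes.
// The unchecked pattern from the advisory is `handler(line + 2)`: when the
// buffer is 1 byte long, line + 2 already points past the allocation.
// Here the prefix is skipped only after the length proves bytes 0..2 exist.
ParsedLine classifyObjLine(const char* line, std::size_t len)
{
  if (line == nullptr || len == 0)
    return {ObjRecord::Empty, nullptr, 0};

  // Usable characters end at the first NUL and never extend beyond len.
  const void*       nul = std::memchr(line, '\0', len);
  const std::size_t n =
    nul ? static_cast<std::size_t>(static_cast<const char*>(nul) - line) : len;
  if (n == 0)
    return {ObjRecord::Empty, nullptr, 0};

  const bool isKeyword = (line[0] == 'f' || line[0] == 'v');
  if (!isKeyword)
    return {ObjRecord::Other, nullptr, 0}; // comments, groups, materials...

  if (n == 1)
    return {ObjRecord::Malformed, nullptr, 0}; // bare "f" or "v": nothing to skip to

  if (line[1] != ' ' && line[1] != '\t')
    return {ObjRecord::Other, nullptr, 0}; // "vn", "vt", ... handled elsewhere

  if (n == 2)
    return {ObjRecord::Malformed, nullptr, 0}; // "f " with no indices

  return {line[0] == 'f' ? ObjRecord::Face : ObjRecord::Vertex, line + 2, n - 2};
}
```

A consumer of `payload` must stay within `payloadLen` bytes; building the whole OBJ import path with AddressSanitizer and replaying minimal one-character lines is a quick way to confirm no other handler skips a prefix unchecked.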

Heap Based Buffer Overflow

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-42477

Affected Products

Open Cascade Technology