PT-2026-36494 · Unknown · Open Cascade Technology

Feng Ning · Published 2026-05-01 · Updated 2026-05-01 · CVE-2026-42481

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Open CASCADE Technology (OCCT) version V8 0 0 rc5

Description

Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read (reading data outside the intended boundary of a buffer) in the Geom2d BSplineCurve::EvalD0 function during IGES B-spline curve evaluation, an out-of-bounds read in the MakeBSplineCurveCommon function during STEP B-spline curve construction, and infinite recursion (a function calling itself without a termination condition) in the StepShape OrientedEdge::EdgeStart function when processing a self-referential OrientedEdge entity. Exploitation may lead to denial of service or unintended memory disclosure.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
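With no fixed version listed, untrusted STEP files can be screened before they reach the parser. The following is an added example, not code from this advisory or from OCCT: it flags ORIENTED_EDGE records whose edge_element reference leads back to the same record, and goes beyond the single self-referential case in the description by also catching cycles through several ORIENTED_EDGE records. It assumes simple Part 21 instances with edge_element as the last entity reference; the function names and the sample records are constructed for illustration.

```python
import re

# Part 21 simple instance: #id = ORIENTED_EDGE(name, *, *, #edge_element, .T.|.F.);
_RECORD = re.compile(r"#(\d+)\s*=\s*ORIENTED_EDGE\s*\(([^;]*)\)\s*;", re.IGNORECASE)
_STRING = re.compile(r"'(?:[^']|'')*'")  # quoted strings may hold '#', ';' or ')'
_REF = re.compile(r"#(\d+)")

# Constructed sample records (a DATA-section fragment, not a complete file).
SAMPLE = """
#10 = EDGE_CURVE('',#1,#2,#3,.T.);
#11 = ORIENTED_EDGE('',*,*,#10,.T.);
#12 = ORIENTED_EDGE('',*,*,#12,.F.);
#13 = ORIENTED_EDGE('#99',*,*,#14,.T.);
#14 = ORIENTED_EDGE('',*,*,#13,.T.);
"""

def oriented_edge_links(step_text):
    """Map each ORIENTED_EDGE id to the id its edge_element points at."""
    text = _STRING.sub("''", step_text)  # blank out strings before matching
    links = {}
    for rec in _RECORD.finditer(text):
        refs = _REF.findall(rec.group(2))
        if refs:  # name and derived '*' slots carry no reference
            links[int(rec.group(1))] = int(refs[-1])
    return links

def find_oriented_edge_cycles(step_text):
    """Return sorted ids of ORIENTED_EDGE records that sit on a reference cycle."""
    links = oriented_edge_links(step_text)
    cyclic, done = set(), set()
    for start in links:
        path, node = [], start
        # Follow edge_element while it keeps landing on another ORIENTED_EDGE.
        while node in links and node not in done and node not in path:
            path.append(node)
            node = links[node]
        if node in path:  # walked back into the current chain
            cyclic.update(path[path.index(node):])
        done.update(path)
    return sorted(cyclic)

if __name__ == "__main__":
    print(find_oriented_edge_cycles(SAMPLE))
```

A non-empty result is a reason to reject or quarantine the file; the check does not cover the two out-of-bounds reads in the B-spline paths.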

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-42481

Affected Products

Open Cascade Technology