Medium severity5.5NVD Advisory· Published May 1, 2026· Updated May 7, 2026

CVE-2026-42480

Description

A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.

Affected products

Opencascade/Open Cascade Technologyllm-fuzzy
Range: = V8_0_0_rc5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94anvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000