CVE-2026-42479

Source
https://cve.org/CVERecord?id=CVE-2026-42479
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42479.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42479
Downstream
Published
2026-05-01T00:00:00Z
Modified
2026-07-08T08:13:20.467515832Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42479.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/open-cascade-sas/occt

Affected ranges

Type
GIT
Repo
https://github.com/open-cascade-sas/occt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.9.3"
        },
        {
            "introduced": "8.0.0-beta1"
        },
        {
            "last_affected": "8.0.0-beta1"
        },
        {
            "introduced": "8.0.0-rc1"
        },
        {
            "last_affected": "8.0.0-rc1"
        },
        {
            "introduced": "8.0.0-rc2"
        },
        {
            "last_affected": "8.0.0-rc2"
        },
        {
            "introduced": "8.0.0-rc3"
        },
        {
            "last_affected": "8.0.0-rc3"
        },
        {
            "introduced": "8.0.0-rc4"
        },
        {
            "last_affected": "8.0.0-rc4"
        },
        {
            "introduced": "8.0.0-rc5"
        },
        {
            "last_affected": "8.0.0-rc5"
        }
    ]
}

Affected versions

8.*
8.0.0-beta1
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.0.0-rc5
Other
V6_5_0
V6_5_1
V6_5_2
V6_5_3
V6_5_3_beta1
V6_5_4
V6_5_4_beta1
V6_6_0
V6_6_0_beta
V6_7_0
V6_7_0_beta
V6_8_0
V6_8_0_beta
V6_9_0
V6_9_0_beta
V6_9_0_beta1
V6_9_0_beta2
V7_0_0
V7_0_0_beta
V7_0_0rc
V7_1_0
V7_1_0_beta
V7_2_0
V7_2_0_beta
V7_3_0
V7_3_0_beta
V7_4_0
V7_4_0_beta
V7_5_0
V7_5_0_beta
V7_6_0
V7_7_0
V7_7_0_beta
V7_8_0
V7_9_0
V7_9_0_beta1
V7_9_0_beta2
V7_9_1
V7_9_2
V7_9_3
V8_0_0_rc1
V8_0_0_rc2
V8_0_0_rc3
V8_0_0_rc4
V8_0_0_rc5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42479.json"