CVE-2026-42481

Source
https://cve.org/CVERecord?id=CVE-2026-42481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42481
Downstream
Published
2026-05-01T00:00:00Z
Modified
2026-07-08T08:13:22.000473644Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Open CASCADE Technology (OCCT) V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42481.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/open-cascade-sas/occt

Affected ranges

Type
GIT
Repo
https://github.com/open-cascade-sas/occt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
Last affected
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.9.3"
        },
        {
            "introduced": "8.0.0-beta1"
        },
        {
            "last_affected": "8.0.0-beta1"
        },
        {
            "introduced": "8.0.0-rc1"
        },
        {
            "last_affected": "8.0.0-rc1"
        },
        {
            "introduced": "8.0.0-rc2"
        },
        {
            "last_affected": "8.0.0-rc2"
        },
        {
            "introduced": "8.0.0-rc3"
        },
        {
            "last_affected": "8.0.0-rc3"
        },
        {
            "introduced": "8.0.0-rc4"
        },
        {
            "last_affected": "8.0.0-rc4"
        },
        {
            "introduced": "8.0.0-rc5"
        },
        {
            "last_affected": "8.0.0-rc5"
        }
    ]
}

Affected versions

8.*
8.0.0-beta1
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.0.0-rc5
Other
V6_5_0
V6_5_1
V6_5_2
V6_5_3
V6_5_3_beta1
V6_5_4
V6_5_4_beta1
V6_6_0
V6_6_0_beta
V6_7_0
V6_7_0_beta
V6_8_0
V6_8_0_beta
V6_9_0
V6_9_0_beta
V6_9_0_beta1
V6_9_0_beta2
V7_0_0
V7_0_0_beta
V7_0_0rc
V7_1_0
V7_1_0_beta
V7_2_0
V7_2_0_beta
V7_3_0
V7_3_0_beta
V7_4_0
V7_4_0_beta
V7_5_0
V7_5_0_beta
V7_6_0
V7_7_0
V7_7_0_beta
V7_8_0
V7_9_0
V7_9_0_beta1
V7_9_0_beta2
V7_9_1
V7_9_2
V7_9_3
V8_0_0_rc1
V8_0_0_rc2
V8_0_0_rc3
V8_0_0_rc4
V8_0_0_rc5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42481.json"