Source: opencascade
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for opencascade.

CVE-2026-42476[0]:
| Two heap-based out-of-bounds read vulnerabilities in the STL ASCII
| file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in
| RWStl_Reader::ReadAscii because buffers returned by
| Standard_ReadLineBuffer::ReadLine() are not properly length-
| validated before strncasecmp or direct byte access. User-assisted
| attackers can trigger these issues by persuading a victim to open a
| crafted STL file with extremely short lines, resulting in a denial
| of service or possible information disclosure.

CVE-2026-42477[1]:
| A heap-based out-of-bounds read vulnerability in RWObj_Reader::read
| in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5
| allows user-assisted attackers to cause a denial of service or
| obtain sensitive information by persuading a victim to open a
| crafted OBJ file. The issue occurs because
| Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a
| minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine +
| 2) without validating the buffer length.

CVE-2026-42478[2]:
| An issue was discovered in VrmlData_IndexedFaceSet::TShape in the
| VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows
| attackers to cause a denial of service via a crafted VRML file. The
| issue occurs because malformed VRML input can trigger dereference of
| a corrupt or unvalidated pointer during shape construction in
| libTKDEVRML.so.

CVE-2026-42479[3]:
| An out-of-bounds read vulnerability in
| VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE
| Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of
| service via a crafted VRML file. The issue occurs because coordIndex
| values from parsed input are used as direct array indices without
| validation against the size of the coordinate array during geometry
| processing.

CVE-2026-42480[4]:
| A stack-based out-of-bounds read vulnerability in
| VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE
| Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of
| service via a crafted VRML file. The issue occurs because the
| quoted-string escape handler uses ptr[++anOffset] without proper
| bounds checking, which can read past the end of a fixed-size stack
| buffer.

CVE-2026-42481[5]:
| Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple
| vulnerabilities in its IGES and STEP file parsers that can be
| triggered by crafted IGES or STEP files. These issues include an
| out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES
| B-spline curve evaluation, an out-of-bounds read in
| MakeBSplineCurveCommon during STEP B-spline curve construction, and
| infinite recursion in StepShape_OrientedEdge::EdgeStart when
| processing a self-referential OrientedEdge entity. Successful
| exploitation may result in denial of service or unintended memory
| disclosure.

It's unclear whether this has been properly reported upstream:
https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42476
    https://www.cve.org/CVERecord?id=CVE-2026-42476
[1] https://security-tracker.debian.org/tracker/CVE-2026-42477
    https://www.cve.org/CVERecord?id=CVE-2026-42477
[2] https://security-tracker.debian.org/tracker/CVE-2026-42478
    https://www.cve.org/CVERecord?id=CVE-2026-42478
[3] https://security-tracker.debian.org/tracker/CVE-2026-42479
    https://www.cve.org/CVERecord?id=CVE-2026-42479
[4] https://security-tracker.debian.org/tracker/CVE-2026-42480
    https://www.cve.org/CVERecord?id=CVE-2026-42480
[5] https://security-tracker.debian.org/tracker/CVE-2026-42481
    https://www.cve.org/CVERecord?id=CVE-2026-42481

Please adjust the affected versions in the BTS as needed.

-- 
debian-science-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
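
The checks whose absence the descriptions above name (line length before strncasecmp or a fixed offset, the byte after a backslash, coordIndex against the coordinate count), sketched as an added example that is not part of the original report and is not OCCT code. LineView and all function names are hypothetical; the line reader is assumed to return a pointer plus a length.

```cpp
// Added example: length-aware parsing helpers (hypothetical names, not OCCT code).
#include <cstddef>
#include <cstring>
#include <strings.h>  // strncasecmp (POSIX)
#include <vector>

// A line as (pointer, length); the length is the only trusted bound.
struct LineView {
  const char* data;
  std::size_t len;
};

// Case-insensitive keyword test that never compares past the buffer.
bool startsWithKeyword(LineView line, const char* kw) {
  const std::size_t n = std::strlen(kw);
  return line.data != nullptr && line.len >= n &&
         strncasecmp(line.data, kw, n) == 0;
}

// Payload after a fixed prefix such as "f " in OBJ; empty view if too short.
LineView afterPrefix(LineView line, std::size_t prefixLen) {
  if (line.data == nullptr || line.len < prefixLen) return LineView{nullptr, 0};
  return LineView{line.data + prefixLen, line.len - prefixLen};
}

// Length of the quoted string starting at in.data[0] == '"', counting an
// escaped character only if it lies inside the buffer; -1 on malformed input.
long quotedLength(LineView in) {
  if (in.len == 0 || in.data[0] != '"') return -1;
  for (std::size_t i = 1; i < in.len; ++i) {
    if (in.data[i] == '\\') {
      if (i + 1 >= in.len) return -1;  // escape at end of buffer: reject
      ++i;                             // skip the escaped byte
    } else if (in.data[i] == '"') {
      return static_cast<long>(i + 1);
    }
  }
  return -1;  // no closing quote inside the buffer
}

// coordIndex check: -1 is the VRML end-of-face/polyline marker, everything
// else must index into the coordinate array.
bool indicesInRange(const std::vector<int>& coordIndex, std::size_t nCoords) {
  for (int idx : coordIndex) {
    if (idx == -1) continue;
    if (idx < 0 || static_cast<std::size_t>(idx) >= nCoords) return false;
  }
  return true;
}
```

Each helper rejects the malformed input instead of clamping it, so a caller can stop parsing the file at the first short line or out-of-range index.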
