CVE-2026-42478
Essential information
- Published
- 01/05/2026 15:16
- Modified
- 01/05/2026 19:16
- Author
- —
- Creator
- —
- CVSS
- 7.5 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- NONE
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.
NVD status
- Status
- Modified — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:*:*:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:beta1:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc1:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc2:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc3:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc4:*:*:*:*:*:* |
| opencascade / open cascade technology | cpe:2.3:a:opencascade:open_cascade_technology:8.0.0:rc5:*:*:*:*:*:* |