CVE-2026-42478 | THREATINT

Description

An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.

PUBLISHED Reserved 2026-04-27 | Published 2026-05-01 | Updated 2026-05-01 | Assigner mitre

References

gist.github.com/sgInnora/dfba083d04906283e9c92aea78e2d94a

cve.org (CVE-2026-42478)

nvd.nist.gov (CVE-2026-42478)

Download JSON