Open CASCADE Technology Heap-Based Out-of-Bounds Read Vulnerability in STL ASCII File Parser

A heap-based out-of-bounds read vulnerability has been identified in the STL ASCII file parser of Open CASCADE Technology (OCCT) versions through 7.8.1 and the master branch prior to commit c540f316. The vulnerability arises in the 'RWStl_Reader::ReadAscii' function, where buffers returned by 'Standard_ReadLineBuffer::ReadLine()' are not properly validated for length before being accessed. This flaw can be exploited by user-assisted attackers who convince a victim to open a specially crafted STL file containing extremely short lines. The result is a denial-of-service condition or potential information disclosure.

Impact

Exploitation of this vulnerability leads to a heap-based out-of-bounds read, which can cause memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating an STL file that includes very short lines. When this file is opened with Open CASCADE Technology, the 'RWStl_Reader::ReadAscii' function will read beyond the allocated buffer, causing a heap-based out-of-bounds read.

Remediation

Users are advised to update to the latest version of Open CASCADE Technology where this vulnerability has been addressed.