Open CASCADE Technology Heap-Based Out-of-Bounds Read Vulnerability in OBJ File Parser Allowing Denial-of-Service and Information Disclosure

A heap-based out-of-bounds read vulnerability has been identified in the OBJ file parser of Open CASCADE Technology (OCCT) version 8.0.0 release candidate 5. This vulnerability allows user-assisted attackers to cause a denial-of-service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue arises because the Standard_ReadLineBuffer::ReadLine() function can return a 1-byte buffer for minimal OBJ lines, and the RWObj_Reader::read() function calls pushIndices(aLine + 2) without validating the buffer length, leading to out-of-bounds memory access.

Impact

Exploitation of this vulnerability causes a heap-based out-of-bounds read, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating a minimal OBJ file that includes an index line crafted to be just 1 byte long. When this file is opened in Open CASCADE Technology, the RWObj_Reader::read() function will process the index line without proper length validation, causing a heap-based out-of-bounds read.