Open CASCADE Technology VRML Parser Stack-Based Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

A stack-based out-of-bounds read vulnerability has been identified in the VRML parser of Open CASCADE Technology (OCCT) version 8.0.0 release candidate 5. This vulnerability allows attackers to cause a denial-of-service by exploiting the way quoted-string escape handling reads data without proper bounds checking, leading to a read past the end of a fixed-size stack buffer. The issue arises in the 'VrmlData_Scene::ReadLine' function, where the escape handler improperly manages string lengths, creating the potential for stack memory corruption.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by leading to a stack-based out-of-bounds read, which can disrupt normal application operation and potentially be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by crafting a VRML file that includes a quoted string escape longer than 8376 bytes. When this file is processed by the Open CASCADE Technology VRML parser, the 'VrmlData_Scene::ReadLine' function will read past the end of its allocated stack buffer, causing a stack-based out-of-bounds read.