Open CASCADE Technology IGES and STEP Parser Out-of-Bounds Read Vulnerability
Vulnerability
An out-of-bounds read vulnerability has been identified in Open CASCADE Technology (OCCT) version V8_0_0_rc5. The issue is in the IGES and STEP file parsers, where crafted files can trigger it. The out-of-bounds reads occur during the evaluation of B-spline curves and the processing of self-referential OrientedEdge entities. Exploitation of this vulnerability may lead to denial-of-service conditions or unintended memory disclosure.
Impact
Exploitation of this vulnerability causes out-of-bounds read conditions, which can lead to memory corruption issues such as heap or stack buffer overflows. These types of memory safety vulnerabilities can often be exploited to execute arbitrary code or cause a program to crash.
Reproduction
The vulnerability can be reproduced by fuzzing the OCCT V8_0_0_rc5 release with crafted IGES or STEP files that exploit the out-of-bounds read conditions in the B-spline curve evaluations and the OrientedEdge entity processing.
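As an added example (not code from OCCT or from this advisory), the following pre-parse triage check flags STEP files in which an ORIENTED_EDGE instance references itself; it goes slightly beyond the direct case by also following chains of ORIENTED_EDGE instances that loop back. The function name and the sample file are constructed for illustration, and because the advisory does not give the exact trigger, this is a heuristic filter for untrusted input, not a fix.

```python
import re

# One STEP Part 21 instance, e.g. "#12 = ORIENTED_EDGE('', *, *, #34, .T.);"
_INSTANCE = re.compile(r"#(\d+)\s*=\s*([A-Z0-9_]+)\s*\((.*?)\)\s*;", re.S)
_REF = re.compile(r"#(\d+)")

# Constructed sample: #12 is directly self-referential, #14 and #15 form a loop.
# #13 only carries the text "#13" inside its name string and must not be flagged.
SAMPLE = """ISO-10303-21;
DATA;
#10 = EDGE_CURVE('', #1, #2, #3, .T.);
#11 = ORIENTED_EDGE('', *, *, #10, .T.);
#12 = ORIENTED_EDGE('', *, *, #12, .F.);
#13 = ORIENTED_EDGE('#13', *, *, #14, .T.);
#14 = ORIENTED_EDGE('', *, *, #15, .T.);
#15 = ORIENTED_EDGE('', *, *, #14, .T.);
ENDSEC;
END-ISO-10303-21;
"""


def find_oriented_edge_cycles(step_text):
    """Return sorted ids of ORIENTED_EDGE instances that reach themselves,
    directly or through other ORIENTED_EDGE instances."""
    # Drop comments, then blank out quoted strings so '#n' text is not a reference.
    text = re.sub(r"/\*.*?\*/", "", step_text, flags=re.S)
    text = re.sub(r"'(?:[^']|'')*'", "''", text)
    edges = {}
    for ident, keyword, params in _INSTANCE.findall(text):
        if keyword == "ORIENTED_EDGE":
            edges[int(ident)] = [int(r) for r in _REF.findall(params)]
    flagged = []
    for start in edges:
        seen, stack = set(), list(edges[start])
        while stack:  # iterative walk: a hostile file must not recurse us
            cur = stack.pop()
            if cur == start:
                flagged.append(start)
                break
            if cur in edges and cur not in seen:
                seen.add(cur)
                stack.extend(edges[cur])
    return sorted(flagged)


if __name__ == "__main__":
    print(find_oriented_edge_cycles(SAMPLE))
```

A non-empty result is a reason to quarantine the file before it reaches the OCCT STEP reader; it does not cover the B-spline evaluation path or IGES input.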
