opencascade - Debian Package Tracker

general

source: opencascade (main)
version: 7.9.2+dfsg-4
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Tobias Frost [DMD] – Kurt Kremitzki [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.5.1+dfsg1-2
oldstable: 7.6.3+dfsg1-7
stable: 7.8.1+dfsg1-3
testing: 7.9.2+dfsg-4
unstable: 7.9.2+dfsg-4

versioned links

7.5.1+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.6.3+dfsg1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.8.1+dfsg1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.9.2+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libocct-data-exchange-7.9
libocct-data-exchange-dev
libocct-doc
libocct-draw-7.9
libocct-draw-dev
libocct-foundation-7.9
libocct-foundation-dev
libocct-ivtk-7.9
libocct-ivtk-dev
libocct-modeling-algorithms-7.9
libocct-modeling-algorithms-dev
libocct-modeling-data-7.9
libocct-modeling-data-dev
libocct-ocaf-7.9
libocct-ocaf-dev
libocct-visualization-7.9
libocct-visualization-dev
occt-draw
occt-misc

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watchfile debian/watch, reading webpage
  https://git.dev.opencascade.org/gitweb/?p=occt.git;a=tags failed: 502 Bad Gateway

Created: 2025-12-20 Last update: 2026-05-07 05:01

6 security issues in trixie high

There are 6 open security issues in trixie.

6 important issues:

CVE-2026-42476: Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. User-assisted attackers can trigger these issues by persuading a victim to open a crafted STL file with extremely short lines, resulting in a denial of service or possible information disclosure.
CVE-2026-42477: A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs because Standard_ReadLineBuffer::ReadLine() can return a 1-byte buffer for a minimal OBJ line, and RWObj_Reader::read() calls pushIndices(aLine + 2) without validating the buffer length.
CVE-2026-42478: An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated pointer during shape construction in libTKDEVRML.so.
CVE-2026-42479: An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.
CVE-2026-42480: A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without proper bounds checking, which can read past the end of a fixed-size stack buffer.
CVE-2026-42481: Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in MakeBSplineCurveCommon during STEP B-spline curve construction, and infinite recursion in StepShape_OrientedEdge::EdgeStart when processing a self-referential OrientedEdge entity. Successful exploitation may result in denial of service or unintended memory disclosure.