CVE-2025-10997 | THREATINT

Description

A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.

Es wurde eine Schwachstelle in Open Babel up to 3.1.1 entdeckt. Betroffen davon ist die Funktion ChemKinFormat::CheckSpecies der Datei /src/formats/chemkinformat.cpp. Mittels dem Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal durchgeführt werden. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-09-25 | Published 2025-09-26 | Updated 2025-09-26 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Timeline

2025-09-25:	Advisory disclosed
2025-09-25:	VulDB entry created
2025-09-25:	VulDB entry last update

Credits

ahuo (VulDB User) reporter

References

vuldb.com/?id.325925 (VDB-325925 | Open Babel chemkinformat.cpp CheckSpecies heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.325925 (VDB-325925 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.654062 (Submit #654062 | Open Babel 3.1.1 / master commit 889c350 Heap-based Buffer Overflow) third-party-advisory

github.com/openbabel/openbabel/issues/2830 issue-tracking

github.com/user-attachments/files/22318543/poc.zip exploit

cve.org (CVE-2025-10997)

nvd.nist.gov (CVE-2025-10997)

Download JSON