Home

Description

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

PUBLISHED Reserved 2026-03-01 | Published 2026-03-02 | Updated 2026-03-02 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

NULL Pointer Dereference

Denial of Service

Timeline

2026-03-01:Advisory disclosed
2026-03-01:VulDB entry created
2026-03-01:VulDB entry last update

Credits

Oneafter (VulDB User) reporter

References

vuldb.com/?id.348303 (VDB-348303 | Open Babel CDXML File atom.cpp GetExplicitValence null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.348303 (VDB-348303 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.763756 (Submit #763756 | openbabel Open Babel 3.1.1 and master-branch NULL Pointer Dereference) third-party-advisory

github.com/openbabel/openbabel/issues/2848 issue-tracking

github.com/openbabel/openbabel/pull/2862 issue-tracking patch

github.com/oneafter/0128/blob/main/ob3/repro.cdxml exploit

github.com/...ommit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a patch

cve.org (CVE-2026-3408)

nvd.nist.gov (CVE-2026-3408)

Download JSON