GHSA-J35X-W4GJ-PF7W

Vulnerability from github – Published: 2026-06-30 21:27 – Updated: 2026-06-30 21:27
VLAI
Summary
Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles
Details

Summary

A memory-safety vulnerability in Open Babel's SMILES parser caused a heap buffer overflow when reading a crafted input string.

Details

The flaw was in OBSmilesParser::ParseSmiles. A malformed SMILES input caused the parser to write past the end of a heap-allocated buffer.

Impact

Open Babel is a C++ library and CLI used to read and write chemistry file formats; it is shipped by Linux distributions and embedded in services that may parse untrusted input. Triggering this vulnerability requires the victim to parse a malicious SMILES string with the obabel tool, the OBConversion API, or any of the language bindings (Python, Ruby, Java, R, Perl, C#, PHP). SMILES strings are commonly passed on the command line and through scripted pipelines, so this primitive is especially reachable.

Affected versions

All releases up to and including 3.1.1.

Patched version

3.2.0 (released 2026-05-26).

Patch

Fix commit: https://github.com/openbabel/openbabel/commit/b34cd604 Originally reported as #2831; fixes consolidated in #2913.

A minimized reproducer for this CVE is checked in under test/files/fuzz_regress/ and is exercised on every CI build under ASAN+UBSAN by the fuzzregresstest harness.

Credit

Reported via OSS-Fuzz.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "openbabel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-10996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-30T21:27:29Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA memory-safety vulnerability in Open Babel\u0027s SMILES parser caused a\nheap buffer overflow when reading a crafted input string.\n\n### Details\n\nThe flaw was in `OBSmilesParser::ParseSmiles`. A malformed SMILES\ninput caused the parser to write past the end of a heap-allocated\nbuffer.\n\n### Impact\n\nOpen Babel is a C++ library and CLI used to read and write chemistry\nfile formats; it is shipped by Linux distributions and embedded in\nservices that may parse untrusted input. Triggering this vulnerability\nrequires the victim to parse a malicious SMILES string with the\n`obabel` tool, the `OBConversion` API, or any of the language\nbindings (Python, Ruby, Java, R, Perl, C#, PHP). SMILES strings are\ncommonly passed on the command line and through scripted pipelines,\nso this primitive is especially reachable.\n\n### Affected versions\n\nAll releases up to and including 3.1.1.\n\n### Patched version\n\n3.2.0 (released 2026-05-26).\n\n### Patch\n\nFix commit: https://github.com/openbabel/openbabel/commit/b34cd604\nOriginally reported as #2831; fixes consolidated in #2913.\n\nA minimized reproducer for this CVE is checked in under\n`test/files/fuzz_regress/` and is exercised on every CI build under\nASAN+UBSAN by the `fuzzregresstest` harness.\n\n### Credit\n\nReported via OSS-Fuzz.",
  "id": "GHSA-j35x-w4gj-pf7w",
  "modified": "2026-06-30T21:27:29Z",
  "published": "2026-06-30T21:27:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openbabel/openbabel/security/advisories/GHSA-j35x-w4gj-pf7w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbabel/openbabel/issues/2831"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbabel/openbabel/pull/2913"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openbabel/openbabel/commit/b34cd604"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openbabel/openbabel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/22318556/poc.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.325924"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.325924"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.654060"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…