Threat Advisory

Open Babel Vulnerability Breaks ChemKin Species Processing

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

CVE-2025-10997 (CVSS 7.8) is a memory safety vulnerability in the Open Babel chemical data library, affecting all versions. The flaw is a heap buffer overflow in the ChemKinFormat::CheckSpecies function: while parsing ChemKin input, the code does not properly restrict its operations to the bounds of a memory buffer. An attacker exploits it locally by supplying a specially crafted ChemKin file that is opened with the obabel command-line tool or through one of the library's language bindings. Successful exploitation lets the attacker write past the end of a heap-allocated buffer, which can lead to arbitrary code execution or a denial of service. For organizations that use the library to process untrusted chemistry files, the business impact includes system instability and loss of data integrity. Exploitation requires a local user with low privileges to open the malicious file, which underlines the risk of parsing untrusted input without prior validation.
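As an added illustration of the bug class described above (this is constructed example code, not Open Babel's ChemKinFormat source; the species_list type, the parse functions and the sample mechanism text are all assumptions made for the example), here is a minimal parser for the SPECIES block of a ChemKin-style file in two forms: an unchecked form that writes past a heap buffer whenever the file lists more species than the buffer was sized for, beside a bounded form that rejects the excess instead of writing it.

```c
/* Added example (not Open Babel's code): a minimal parser for the SPECIES
 * block of a ChemKin-style mechanism file, in an unchecked and a bounded
 * variant. It illustrates the bug class named in the advisory (a write past
 * the end of a heap-allocated buffer while collecting species names); the
 * real CheckSpecies logic is not reproduced here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME 16

typedef struct {
    char (*names)[MAX_NAME]; /* heap array of fixed-width name slots */
    size_t capacity;         /* slots allocated */
    size_t count;            /* slots filled */
} species_list;

species_list *species_list_new(size_t capacity) {
    species_list *l = calloc(1, sizeof *l);
    if (l == NULL) return NULL;
    l->names = calloc(capacity, MAX_NAME);
    if (l->names == NULL) { free(l); return NULL; }
    l->capacity = capacity;
    return l;
}

void species_list_free(species_list *l) {
    if (l == NULL) return;
    free(l->names);
    free(l);
}

/* Tokenises text and hands every token between SPECIES and END to add().
 * Returns the number of tokens handed over, or -1 if add() refused one. */
static long walk_species(const char *text,
                         int (*add)(const char *, species_list *),
                         species_list *l) {
    size_t n = strlen(text);
    char *copy = malloc(n + 1);      /* strtok needs a writable copy */
    if (copy == NULL) return -1;
    memcpy(copy, text, n + 1);
    int in_block = 0, refused = 0;
    long seen = 0;
    for (char *tok = strtok(copy, " \t\r\n"); tok != NULL;
         tok = strtok(NULL, " \t\r\n")) {
        if (!in_block) { in_block = (strcmp(tok, "SPECIES") == 0); continue; }
        if (strcmp(tok, "END") == 0) break;
        seen++;
        if (add(tok, l) != 0) { refused = 1; break; }
    }
    free(copy);
    return refused ? -1 : seen;
}

/* Vulnerable pattern: trusts that the file carries no more species than the
 * buffer was sized for and no name longer than a slot. A file with extra or
 * oversized species writes past the end of l->names (heap buffer overflow). */
static int add_unchecked(const char *tok, species_list *l) {
    strcpy(l->names[l->count++], tok);
    return 0;
}

/* Hardened pattern: every write is checked against the allocation and the
 * slot width, and excess input is reported instead of written. */
static int add_checked(const char *tok, species_list *l) {
    if (l->count >= l->capacity) return -1;   /* no slot left */
    if (strlen(tok) >= MAX_NAME) return -1;   /* name would not fit a slot */
    memcpy(l->names[l->count], tok, strlen(tok) + 1);
    l->count++;
    return 0;
}

long parse_species_unchecked(const char *text, species_list *l) {
    return walk_species(text, add_unchecked, l);
}

long parse_species_checked(const char *text, species_list *l) {
    return walk_species(text, add_checked, l);
}

/* Constructed input: eight species, more than a parser sized for four expects. */
const char *CONSTRUCTED_MECHANISM =
    "ELEMENTS H O END\n"
    "SPECIES\n"
    "H2 O2 H2O OH H O HO2 H2O2\n"
    "END\n"
    "REACTIONS\n"
    "H2 + O2 = 2OH 1.0E13 0.0 40000\n"
    "END\n";

int main(void) {
    species_list *small = species_list_new(4);
    species_list *large = species_list_new(16);
    /* Bounded parser: refuses the fifth species instead of overflowing. */
    long rc = parse_species_checked(CONSTRUCTED_MECHANISM, small);
    printf("checked, 4 slots: rc=%ld filled=%zu\n", rc, small->count);
    rc = parse_species_checked(CONSTRUCTED_MECHANISM, large);
    printf("checked, 16 slots: rc=%ld filled=%zu\n", rc, large->count);
    /* The unchecked parser is only run with enough slots here; run against
     * `small` it would write four names past the allocation, which
     * AddressSanitizer reports as heap-buffer-overflow. */
    large->count = 0;
    rc = parse_species_unchecked(CONSTRUCTED_MECHANISM, large);
    printf("unchecked, 16 slots: rc=%ld\n", rc);
    species_list_free(small);
    species_list_free(large);
    return 0;
}
```

The point of the bounded variant is that the parser never lets the input decide how much it writes: the allocation size and the slot width are the limits, and input that does not fit is an error returned to the caller rather than a silent write. Building the unchecked variant with `-fsanitize=address` and feeding it a list sized below the species count is the quickest way to see the overflow the advisory describes.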

 

RECOMMENDATION:

  • Update Open Babel to version 3.2.0 or later.
  • Until the update is deployed, do not open ChemKin files from untrusted sources with obabel or the language bindings. The vector is local, but any service that converts uploaded chemistry files with the library exposes the same parser to remote input.

 

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-8wq6-qh76-wpv9
