Open Babel Null Pointer Dereference Vulnerability in ChemKin Format Parser

Vulnerability

A null pointer dereference vulnerability has been identified in Open Babel versions through 3.1.1. The issue is in the ChemKin format parser, specifically the function ChemKinFormat::ReadReactionQualifierLines in chemkinformat.cpp. When the parser processes specially crafted ChemKin input, it dereferences a null or otherwise invalid string, which causes a segmentation fault and a denial-of-service condition. The vulnerability requires local access to exploit.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by compiling Open Babel with Clang 13.0.1, using flags that enable AddressSanitizer and UndefinedBehaviorSanitizer. Once built, the fuzzer is run against the 'fuzz_convert' command with a proof-of-concept file that triggers the null pointer dereference. A script can automate this process by preparing the input file and then running the fuzzer.

Added: Sep 26, 2025, 3:18 AM
Updated: Sep 26, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread          4.2
impact          2.5
exploitability  6.0
remediation     0.0
relevance       0.6
threat          6.4
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.