Open Babel Null Pointer Dereference Vulnerability in PQS Format Parser

Vulnerability

A null pointer dereference has been identified in Open Babel versions through 3.1.1, in the PQSFormat::ReadMolecule function in PQSformat.cpp. A crafted PQS input file supplied locally reaches the faulting code and triggers a segmentation fault. The root cause is that ReadMolecule passes a pointer derived from the input to the lowerit function without first checking it: when the expected text is missing or malformed, that pointer is null (or does not point at a valid string), and lowerit dereferences it.
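The pattern behind this bug, as an added example that is not Open Babel's code: a small lowerit-style helper that lower-cases a C string in place, a hypothetical reader routine that hands a possibly null token to it unchecked, and the same routine with the validation the advisory says is missing. The function names (lowerit_like, first_token, parse_keyword_unchecked, parse_keyword_checked) and the sample lines are constructed for this example; the real reader's tokenization and the PQS file layout are not shown here.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Lower-case a NUL-terminated C string in place. Like the helper the
// advisory names, it trusts its argument: passing nullptr dereferences
// a null pointer on the first read of *s.
static void lowerit_like(char* s) {
    for (; *s != '\0'; ++s) {
        *s = static_cast<char>(std::tolower(static_cast<unsigned char>(*s)));
    }
}

// Copy a line into a writable buffer and return its first token
// (nullptr when the line is empty or whitespace only).
static char* first_token(std::vector<char>& buf, const std::string& line) {
    buf.assign(line.begin(), line.end());
    buf.push_back('\0');
    return std::strtok(buf.data(), " \t\r\n");
}

// Vulnerable pattern (hypothetical): the token goes straight to the
// lower-casing helper. A blank line makes tok nullptr and the process
// segfaults, which is the failure mode the advisory describes.
static std::string parse_keyword_unchecked(const std::string& line) {
    std::vector<char> buf;
    char* tok = first_token(buf, line);
    lowerit_like(tok);               // no null check
    return std::string(tok);
}

// Hardened pattern (hypothetical): validate the pointer before use and
// signal failure to the caller. An empty return means "no keyword on
// this line"; strtok never yields an empty token, so the sentinel is
// unambiguous.
static std::string parse_keyword_checked(const std::string& line) {
    std::vector<char> buf;
    char* tok = first_token(buf, line);
    if (tok == nullptr) {
        return std::string();        // reject the malformed line
    }
    lowerit_like(tok);
    return std::string(tok);
}

int main() {
    // Constructed sample lines, not taken from a real PQS file.
    const char* samples[] = {"GEOM=PQS", "  Title  water", "   \t"};
    for (const char* line : samples) {
        std::string kw = parse_keyword_checked(line);
        if (kw.empty()) {
            std::cout << "rejected blank line\n";
        } else {
            std::cout << "keyword: " << kw << "\n";
        }
    }
    // parse_keyword_unchecked("   \t") would crash with SIGSEGV here.
    return 0;
}
```

Compile with -fsanitize=address,undefined and call parse_keyword_unchecked on a blank line to see the same class of report (SEGV on a null address) that the Reproduction section describes; the checked variant returns an empty keyword and lets the caller reject the record instead of crashing.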

Impact

Triggering the dereference crashes the parsing process with a segmentation fault, i.e. a denial of service for any application or service that passes untrusted PQS files to Open Babel. No impact beyond the crash (such as memory corruption or code execution) is described.

Reproduction

To reproduce, build Open Babel with Clang 13.0.1 with AddressSanitizer and UndefinedBehaviorSanitizer enabled (Clang's -fsanitize=address,undefined), then run the fuzzing harness on a crafted PQS input that reaches the unchecked call. The process crashes, and AddressSanitizer reports a SEGV caused by the invalid memory access in PQSFormat::ReadMolecule. An instrumented obabel binary reading the same file as PQS input should fail the same way, since the fault is in the format reader rather than in the harness.

Added: Sep 26, 2025, 4:22 AM
Updated: Sep 26, 2025, 4:22 AM

Vulnerability Rating

Custom Algorithm
spread          4.2
impact          2.5
exploitability  6.0
remediation     0.0
relevance       0.6
threat          6.4
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.