Open Babel NULL Pointer Dereference Vulnerability in CDXML File Handler

A NULL pointer dereference vulnerability has been identified in Open Babel versions through 3.1.1. The issue arises in the CDXML File Handler, specifically within the OBAtom::GetExplicitValence function in isrc/atom.cpp. This vulnerability can be exploited remotely, leading to a segmentation fault as the program attempts to access a member of a NULL pointer, causing a crash.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing the application to crash. This behavior is typical of a NULL pointer dereference, where the program tries to access memory through a pointer that is NULL, resulting in a crash or abnormal termination of the application.

Reproduction

The vulnerability can be reproduced by building Open Babel with Clang as the compiler, in release mode with AddressSanitizer (ASan) enabled. After setting the appropriate environment variables to configure the ASan runtime, the 'obabel' command-line tool can be used to convert a malformed CDXML file. This process triggers the vulnerability by causing the application to attempt to read data from a NULL pointer, which leads to a crash.

Remediation

Users are advised to update to the latest version of Open Babel, where this vulnerability has been fixed.