CVE-2025-10997: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-10997 is a heap-based buffer overflow vulnerability discovered in Open Babel versions up to 3.1.1. The vulnerability specifically affects the ChemKinFormat::CheckSpecies function located in the /src/formats/chemkinformat.cpp file. The vulnerability was disclosed on September 14, 2025 (GitHub Issue).

The vulnerability occurs in the ChemKinFormat::CheckSpecies function when calling std::map::find. The issue arises when a malformed or unchecked string from input is used as the lookup key, which becomes corrupted and leads to an out-of-bounds read inside the map's internal data structure. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NVD).

The vulnerability allows for heap-based buffer overflow, which could potentially lead to memory corruption. The attack can only be executed locally, with low privileges required. The impact affects confidentiality, integrity, and availability, all rated as Low according to the CVSS metrics (NVD).