Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-10998
CVE-2025-10998:
Linux Debian vulnerability analysis and mitigation
Overview
A vulnerability has been identified in Open Babel versions up to 3.1.1 (CVE-2025-10998). The vulnerability affects the ChemKinFormat::ReadReactionQualifierLines function in the /src/formats/chemkinformat.cpp file, which can lead to a null pointer dereference. This security issue was disclosed on September 25, 2025 (NVD).
Technical details
The vulnerability is caused by improper validation of buffer lengths in the ChemKinFormat::ReadReactionQualifierLines function. The function assumes a non-null std::string when calling c_str() for token comparison and processing, but with malformed input, a null pointer can reach this code path, leading to a null pointer dereference. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (Medium) with vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 3.3 (Low) (NVD).
Impact
The vulnerability can result in a null pointer dereference, which could lead to a program crash or denial of service condition. The attack can only be performed from a local environment, limiting its potential impact (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Debian vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management