CVE-2025-11000: 
Linux Debian vulnerability analysis and mitigation

A vulnerability (CVE-2025-11000) was identified in Open Babel versions up to 3.1.1, affecting the PQSFormat::ReadMolecule function in /src/formats/PQSformat.cpp. The vulnerability was discovered and disclosed on September 26, 2025, and involves a null pointer dereference issue that can be triggered through local execution (VulDB).

The vulnerability occurs in the PQSFormat::ReadMolecule function where the lowerit(char*) method is called with an invalid pointer, either null or not pointing to a valid null-terminated buffer. This leads to a null pointer dereference condition. The vulnerability has received a CVSS v4.0 score of 4.8 (Medium) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 3.3 (Low) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (VulDB).

The vulnerability can result in program crashes through null pointer dereference, potentially leading to denial of service conditions. The attack requires local execution privileges and primarily affects the availability of the system, with no direct impact on confidentiality or integrity (VulDB).