CVE-2025-3010: 
Linux Debian vulnerability analysis and mitigation

A vulnerability (CVE-2025-3010) has been identified in Khronos Group glslang version 15.1.0. The issue affects the function glslang::TIntermediate::isConversionAllowed in the file glslang/MachineIndependent/Intermediate.cpp. This vulnerability was disclosed on March 31, 2025, and is classified as problematic due to a null pointer dereference issue (NVD, GitHub Issue).

The vulnerability is caused by a null pointer dereference in the glslang::TIntermediate::isConversionAllowed function. The issue occurs when the function fails to validate the 'node' parameter before attempting to call node->getBasicType(), resulting in a potential null pointer dereference. According to the CVSS v4.0 scoring, it has received a medium severity score of 4.8, with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (NVD).

The vulnerability can lead to application crashes when processing certain files, affecting the stability of applications using the glslang library. The attack requires local access to be executed, and while the impact is primarily limited to availability through crashes, it represents a reliability concern for systems utilizing the affected version (GitHub Issue).