CVE-2025-45333: 
Linux Debian vulnerability analysis and mitigation

A Null Pointer Dereference (NPD) vulnerability was discovered in berkeley-abc abc version 1.1, specifically in the Abc_NtkCecFraigPart function of its data processing module. The vulnerability was discovered by WeiBin Qiu and was disclosed on June 23, 2025 (GitHub Gist, GitHub PR).

The vulnerability occurs in the base/abci/abcVerify.c file within the AbcNtkCecFraigPart function. The null pointer dereference happens when pMiterPart is explicitly set to NULL, and subsequently, when RetValue equals 0, the code attempts to dereference pMiterPart->pModel in the function call AbcNtkVerifySimulatePattern(pMiterPart, pMiterPart->pModel). This leads to an invalid memory access. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability leads to unpredictable program behavior, causing segmentation faults and program crashes. This can result in denial of service conditions for applications relying on the abc software (Wiz).

The vulnerability has been fixed through a pull request (#383) to the berkeley-abc repository. Users should update to the patched version of the software that includes this fix (GitHub PR).