CVE-2025-10996

A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
openbabelopen_babel
𝑥
≤ 3.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/openbabel/openbabel/issues/2831
https://github.com/user-attachments/files/22318556/poc.zip
https://vuldb.com/?ctiid.325924
https://vuldb.com/?id.325924
https://vuldb.com/?submit.654060