CVE-2025-10994

NameCVE-2025-10994
DescriptionA weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1116462

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openbabel (PTS)bullseye3.1.1+dfsg-6vulnerable
bookworm3.1.1+dfsg-9vulnerable
forky, sid, trixie3.1.1+dfsg-12vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openbabelsource(unstable)(unfixed)1116462

Notes

[bullseye] - openbabel <postponed> (Minor issue)
https://github.com/openbabel/openbabel/issues/2834
Search for package or bug name: Reporting problems