Open Babel, Out-of-bounds Read, CVE-2025-11000 (Medium) -DC-Jul2026-769

Listen to this Post

A memory‑safety vulnerability exists in Open Babel’s PQS (Parallel Quantum Solutions) file format parser, identified as CVE‑2025‑11000. The flaw resides in the internal helper function lowerit(char), which is called during the parsing of PQS input. This function is used to convert a string to lowercase in‑place, but it assumes that the input pointer always points to a valid, null‑terminated buffer of sufficient length. When processing a malformed PQS file, the parser can supply a pointer that either is `nullptr` or references an invalid, non‑null‑terminated buffer. Because `lowerit` performs no validation before iterating over the characters, it reads one or more bytes before the start of the intended buffer (a pre‑buffer out‑of‑bounds read). This read can access arbitrary memory locations, potentially leaking sensitive information or causing a crash (segmentation fault). The vulnerability is triggered simply by opening a crafted `.pqs` file with the `obabel` command‑line tool, the `OBConversion` API, or any of the language bindings (Python, Ruby, Java, R, Perl, C, PHP). All releases up to and including 3.1.1 are affected. The issue was reported via OSS‑Fuzz and fixed in version 3.2.0, released on 2026‑05‑26, with the patch commit openbabel/openbabel@f4a5ebae. A minimized reproducer is checked into the test suite (test/files/fuzz_regress/) and is exercised under ASAN+UBSAN on every CI build via the `fuzzregresstest` harness.

DailyCVE Form:

Platform: Linux, Windows, macOS
Version: ≤ 3.1.1
Vulnerability: Out‑of‑bounds read (pre‑buffer)
Severity: Medium (CVSS 5.5)
date: 2025‑09‑26

Prediction: 2026‑05‑26

What Undercode Say:

Check installed Open Babel version
obabel --version
Trigger the vulnerability with a malformed PQS file
obabel -ipqs malicious.pqs -osmi
Example Python script using OBConversion API
from openbabel import openbabel as ob
conv = ob.OBConversion()
conv.SetInFormat("pqs")
mol = ob.OBMol()
conv.ReadFile(mol, "malicious.pqs") out‑of‑bounds read occurs here

Exploit:

An attacker crafts a PQS file that causes the `lowerit` helper to receive a pointer to a buffer that is not properly null‑terminated. When `lowerit` iterates through the characters, it continues reading backwards in memory, potentially exposing heap or stack data. The exploit requires local access (the victim must open the malicious file), but the attack complexity is low and no special privileges are needed. Public proof‑of‑concept files are available in the Open Babel regression test suite.

Protection:

  • Upgrade to Open Babel 3.2.0 or later, which includes the fix commit f4a5ebae.
  • If upgrading is not immediately possible, avoid opening untrusted PQS files with any Open Babel interface.
  • Downstream distributors (Debian, Ubuntu, etc.) are expected to backport the patch; check your package manager for updated packages.

Impact:

  • Confidentiality: Out‑of‑bounds reads can leak sensitive memory contents (e.g., other program data, stack canaries, or cryptographic material).
  • Availability: The read may trigger a segmentation fault, causing a denial of service (application crash).
  • Scope: The vulnerability affects all platforms where Open Babel is used, including Linux distributions, Windows, macOS, and any service that embeds the library to parse chemistry files from untrusted sources.

🎯Let’s Practice Exploiting & Learn Patching For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top