CVSS 7.8 HIGH Vulnerability

CVE-2025-10996: Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles


CVSS Score: 7.8
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2025-10996
Vendor: pip
Affected Product: openbabel
Vulnerability Type: Vulnerability
CVSS Score: 7.8 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary: A memory-safety vulnerability in Open Babel's SMILES parser caused a heap buffer overflow when reading a crafted input string.

Details: The flaw was in OBSmilesParser::ParseSmiles. A malformed SMILES input caused the parser to write past the end of a heap-allocated buffer.

Impact: Open Babel is a C++ library and CLI used to read and write chemistry file formats; it is shipped by Linux distributions and embedded in services that may parse untrusted input. Triggering this vulnerability requires the victim to parse a malicious SMILES string with the obabel tool, the OBConversion API, or any of the language bindings (Python, Ruby, Java, R, Perl, C#, PHP). SMILES strings are commonly passed on the command line and through scripted pipelines, so this primitive is especial
