Summary: A memory-safety vulnerability in Open Babel's SMILES parser caused a heap buffer overflow when reading a crafted input string. Details: The flaw was in OBSmilesParser::ParseSmiles. A malformed SMILES input caused…
| CVE ID | CVE-2025-10996 |
| Vendor | pip |
| Affected Product | openbabel |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.8 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
A memory-safety vulnerability in Open Babel's SMILES parser caused a heap buffer overflow when reading a crafted input string.
The flaw was in OBSmilesParser::ParseSmiles. A malformed SMILES input caused the parser to write past the end of a heap-allocated buffer.
file formats; it is shipped by Linux distributions and embedded in services that may parse untrusted input. Triggering this vulnerability requires the victim to parse a malicious SMILES string with the obabel tool, the OBConversion API, or any of the language bindings (Python, Ruby, Java, R, Perl, C#, PHP). SMILES strings are commonly passed on the command line and through scripted pipelines, so this primitive is especial