| Title | Open Babel 3.1.1 / master commit 889c350 Use After Free |
|---|---|
| Description | Open Babel version 3.1.1 (and the latest development branch, commit 889c350) is vulnerable to a heap-use-after-free in the GAMESSOutputFormat::ReadMolecule function. When parsing crafted GAMESS output files, the parser calls OpenBabel::tokenize to split input lines into tokens and then converts one token into an integer using atoi. However, the token string buffer is freed when the token vector is cleared, leaving atoi/strtol with a dangling pointer. This results in a use-after-free and can lead to memory corruption and potential code execution if exploited with a malicious input file. The vulnerability is triggered during file conversion with the fuzz target fuzz_convert but affects the core library functions used in normal conversions as well. |
| Source | https://github.com/openbabel/openbabel/issues/2834 |
| User | ahuo (UID 90189) |
| Submission | 09/14/2025 09:57 (7 months ago) |
| Moderation | 09/25/2025 20:05 (11 days later) |
| Status | Accepted |
| VulDB entry | 325922 [Open Babel up to 3.1.1 gamessformat.cpp ReadMolecule use after free] |
| Points | 20 |