CVE-2025-45332
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vkoskiv | c-ray | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the c-ray 1.1 software, specifically in the parse_mtllib function that processes material library files. A pointer named 'current' is initialized to NULL but is later dereferenced without checking if it is non-NULL. When the parser encounters a line starting with 'Ni' (index of refraction), it tries to assign a value to current->IOR. If 'current' has not been properly assigned to a valid material structure, dereferencing it causes a crash or undefined behavior, leading to program instability or denial of service. [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause the program to crash or behave unpredictably when processing malformed or unexpected material files. This can lead to denial of service, where the application stops functioning correctly, potentially interrupting workflows or services that rely on c-ray 1.1 for data processing. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the c-ray 1.1 program's behavior when processing material library files, specifically looking for crashes or segmentation faults caused by null pointer dereferences in the parse_mtllib function. Detection tools for null-pointer dereferences can be used, as the issue was discovered using such a tool followed by manual code review. While no specific commands are provided, using debugging tools like gdb to trace segmentation faults or static analysis tools to detect null pointer dereferences in the source code could help identify the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of malformed or unexpected material library files that might trigger the null pointer dereference in the parse_mtllib function. Additionally, updating to a patched version of c-ray where the null pointer check is implemented before dereferencing the 'current' pointer would be necessary. If a patch is not yet available, applying manual code fixes to add null checks before dereferencing pointers in the parse_mtllib function can prevent crashes. [1, 2]