CVE-2025-3010

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/KhronosGroup/glslang/issues/3903
https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534
https://vuldb.com/?ctiid.302060
https://vuldb.com/?id.302060
https://vuldb.com/?submit.524561
https://github.com/KhronosGroup/glslang/issues/3903

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad clasificada como problemática en Khronos Group glslang 15.1.0. Este problema afecta a la función glslang::TIntermediate::isConversionAllowed del archivo glslang/MachineIndependent/Intermediate.cpp. Esta manipulación provoca la desreferenciación de punteros nulos. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado.

31 Mar 2025, 23:15

Type	Values Removed	Values Added
References	~~() https://github.com/KhronosGroup/glslang/issues/3903 -~~	() https://github.com/KhronosGroup/glslang/issues/3903 -

31 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-31 20:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-3010

Mitre link : CVE-2025-3010

CVE.ORG link : CVE-2025-3010

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-3010", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-31T20:15:16.023", "references": [{"url": "https://github.com/KhronosGroup/glslang/issues/3903", "source": "cna@vuldb.com"}, {"url": "https://github.com/KhronosGroup/glslang/issues/3903#issue-2927492534", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.302060", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.302060", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.524561", "source": "cna@vuldb.com"}, {"url": "https://github.com/KhronosGroup/glslang/issues/3903", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Khronos Group glslang 15.1.0. Este problema afecta a la funci\u00f3n glslang::TIntermediate::isConversionAllowed del archivo glslang/MachineIndependent/Intermediate.cpp. Esta manipulaci\u00f3n provoca la desreferenciaci\u00f3n de punteros nulos. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@vuldb.com"}