CVE-2025-3010 MEDIUM

CVE-2025-3010: Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference

Vendor Khronos Group
Product glslang
Weakness CWE-476
Published March 31, 2025
Last update March 31, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated