<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:* - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/cpes/cpe2.3aopenbabelopen_babel3.1.1/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:54:02 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/cpes/cpe2.3aopenbabelopen_babel3.1.1/feed.xml" rel="self" type="application/rss+xml"/><item><title>Open Babel Uninitialized Pointer Dereference Vulnerability (CVE-2022-42885)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/</link><pubDate>Fri, 03 Jul 2026 12:54:02 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/</guid><description>A high-severity memory-safety vulnerability (CVE-2022-42885) in Open Babel's GRO residue parser allows an uninitialized pointer dereference when processing a specially crafted GRO input file, potentially leading to application crash or arbitrary code execution.</description><content:encoded><![CDATA[<p>Open Babel, a widely used C++ library and CLI tool for chemical file format conversions, is affected by a high-severity memory-safety vulnerability, CVE-2022-42885. Discovered in the GRO residue parser, this flaw allows an uninitialized pointer dereference when processing a specially crafted GRO input file. The vulnerability affects all versions up to and including 3.1.1 and was publicly disclosed with a patch in version 3.2.0 on May 26, 2026. Reported by Cisco TALOS, this issue impacts systems where Open Babel's <code>obabel</code> tool, <code>OBConversion</code> API, or its various language bindings (Python, Ruby, Java, R, Perl, C#, PHP) are used to parse untrusted GRO files. Exploitation can lead to application crashes or potentially arbitrary code execution, posing a significant risk to data processing workflows in chemistry and related scientific fields.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious GRO file specifically designed with a malformed residue record to exploit CVE-2022-42885.</li>
<li>The attacker delivers this malicious GRO file to a target system, potentially via social engineering tactics such as email attachment or by embedding it within a seemingly legitimate data set.</li>
<li>A user or an automated process on the target system opens or attempts to parse the malicious GRO file using the <code>obabel</code> CLI tool, an application leveraging Open Babel's <code>OBConversion</code> API, or one of its language bindings (e.g., Python, Java).</li>
<li>During the parsing of the malformed record, Open Babel's GRO reader attempts to access a residue pointer that has not been properly initialized.</li>
<li>This uninitialized pointer dereference leads to a memory access violation within the process.</li>
<li>The memory access violation results in the application crashing (denial of service) or, in a more severe scenario, allows the attacker to achieve arbitrary code execution on the host system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability impacts systems that utilize Open Babel, particularly those that process GRO chemical file format data from untrusted sources. Since Open Babel is commonly shipped by Linux distributions and embedded in scientific services, a broad range of research institutions, academic organizations, and industrial entities could be affected. Successful exploitation via CVE-2022-42885 leads to immediate application termination, causing denial of service for any service or tool relying on Open Babel's GRO parsing. More critically, skilled attackers could potentially leverage this memory corruption to achieve arbitrary code execution on the compromised system, allowing for data exfiltration, further system compromise, or the deployment of additional malicious payloads.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update all installations of Open Babel to version 3.2.0 or newer to patch CVE-2022-42885.</li>
<li>Implement strict input validation and sandboxing for applications that process untrusted or user-supplied GRO files using Open Babel.</li>
<li>Educate users on the risks of opening or processing untrusted files, consistent with the initial access vector that requires a victim to open a malicious GRO file.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>memory-safety</category><category>cve</category><category>open-babel</category></item><item><title>Open Babel PQS coord_file parser suffers from out-of-bounds write vulnerability (CVE-2022-43467)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:53:09 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/</guid><description>A high-severity memory-safety vulnerability (CVE-2022-43467) in Open Babel's PQS `coord_file` parser allows an attacker to achieve an out-of-bounds write by tricking a victim into opening a specially crafted PQS file, potentially leading to arbitrary code execution or denial of service in systems processing untrusted chemistry file formats.</description><content:encoded><![CDATA[<p>A high-severity memory-safety vulnerability, identified as CVE-2022-43467, has been discovered in Open Babel's PQS <code>coord_file</code> parser. This flaw affects all versions up to and including 3.1.1 of the Open Babel library and CLI tool, which is critical for processing various chemistry file formats. Exploitation occurs when a victim processes a specially crafted PQS file, leading to an out-of-bounds write within the <code>coord_file</code> parsing path. This vulnerability was reported by Cisco TALOS and subsequently patched in version 3.2.0, released on 2026-05-26. Given Open Babel's widespread use across Linux distributions and in services that handle untrusted input, this flaw poses a significant risk of arbitrary code execution or denial of service.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a specially designed PQS file containing a malformed <code>coord_file</code> specifier that targets the vulnerability.</li>
<li>The attacker delivers this malicious PQS file to a target system or user, often via email, download, or integration into a workflow.</li>
<li>A user or automated service on the victim system opens and processes the malicious PQS file using an affected Open Babel component (e.g., <code>obabel</code> CLI tool, <code>OBConversion</code> API, or language bindings).</li>
<li>During the parsing process of the PQS <code>coord_file</code> path, the malformed specifier triggers an out-of-bounds write operation.</li>
<li>This memory corruption overwrites adjacent memory regions, leading to unpredictable program behavior, including crashes.</li>
<li>Successful exploitation can result in application crashes (Denial of Service) or, with further exploitation, arbitrary code execution on the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The vulnerability affects any system or service utilizing Open Babel versions up to 3.1.1 to process PQS files, particularly those that handle untrusted or external input. Open Babel is widely deployed as a C++ library and command-line interface, integrated into Linux distributions and various scientific applications. Successful exploitation of CVE-2022-43467 can lead to service disruption through denial of service (application crashes) or, more severely, arbitrary code execution, allowing attackers to gain control over affected systems. The full scope of potential victims is broad due to the library's foundational role in chemistry informatics.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update all Open Babel installations to version 3.2.0 or later to patch CVE-2022-43467.</li>
<li>For Python environments, ensure <code>pip/openbabel</code> is updated to a version greater than or equal to 3.2.0.</li>
<li>Implement strict input validation for all PQS files processed by Open Babel components, especially those originating from untrusted sources, to mitigate the risk of malformed file attacks.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>open-babel</category><category>vulnerability</category><category>memory-corruption</category><category>cve</category><category>library</category></item><item><title>Open Babel MOL2 Parser Out-of-Bounds Write (CVE-2022-43607)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:52:17 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</guid><description>A memory-safety vulnerability, CVE-2022-43607, in Open Babel's MOL2 parser allows an out-of-bounds write when processing a crafted input file, potentially leading to denial of service or arbitrary code execution.</description><content:encoded><![CDATA[<p>Cisco TALOS reported a critical memory-safety vulnerability, CVE-2022-43607, affecting Open Babel versions up to 3.1.1. This flaw resides within the MOL2 file format parser, specifically in the attribute/value parsing path. An attacker can craft a malicious MOL2 file containing an overly long attribute or value, which, when processed by the vulnerable Open Babel software, triggers an out-of-bounds write. This vulnerability is significant because Open Babel is a widely used C++ library and command-line interface (<code>obabel</code>) for manipulating chemistry file formats, often embedded in scientific applications and services. The vulnerability can be exploited when a victim opens a specially crafted MOL2 file using the <code>obabel</code> tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This can lead to memory corruption, denial of service, or potentially arbitrary code execution if successfully weaponized.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MOL2 file containing an over-long attribute or value designed to exceed a fixed-size buffer.</li>
<li>The attacker delivers this crafted MOL2 file to a target system or user (e.g., via email, web download, or shared storage).</li>
<li>The victim opens or processes the malicious MOL2 file using the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or one of Open Babel's language bindings.</li>
<li>Open Babel's MOL2 parser attempts to parse the malicious file's attributes and values.</li>
<li>During parsing, the overly long data triggers an out-of-bounds write operation past the end of an allocated memory buffer.</li>
<li>This memory corruption can lead to a crash of the Open Babel process, resulting in a denial of service (DoS).</li>
<li>With sophisticated exploitation, this memory corruption could potentially be leveraged to achieve arbitrary code execution.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2022-43607 can result in memory corruption, leading to a denial of service (DoS) by crashing the application or tool processing the malicious MOL2 file. In more severe scenarios, it could enable arbitrary code execution, granting attackers control over the compromised system. While no specific in-the-wild exploitation has been observed, the widespread use of Open Babel in academic, research, and industrial sectors that handle chemical data means that a broad range of organizations could be affected. Any service or workstation that uses Open Babel to parse untrusted MOL2 files is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2022-43607 by updating Open Babel to version 3.2.0 or later immediately across all affected systems.</li>
<li>Implement process creation logging (e.g., Sysmon for Windows or Auditd for Linux) to activate the provided Sigma rule for <code>obabel</code> execution.</li>
<li>Review and tune the provided Sigma rule to monitor for unusual invocations of the <code>obabel</code> command-line tool, especially from untrusted sources or with uncommon parameters.</li>
<li>Educate users on the risks of opening untrusted or suspicious MOL2 files received from unknown sources, as user interaction is required for exploitation.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">threat</category><category>memory-safety</category><category>vulnerability</category><category>library</category><category>cve</category><category>file-parsing</category><category>chemistry</category><category>denial-of-service</category><category>code-execution</category></item><item><title>Open Babel Has Uninitialized Pointer Dereference in MSI Atom Parser</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</link><pubDate>Fri, 03 Jul 2026 12:51:24 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</guid><description>A memory-safety vulnerability (CVE-2022-44451) in Open Babel's MSI parser allows for an uninitialized pointer dereference when processing a specially crafted MSI input file, affecting versions prior to 3.2.0 and potentially leading to application instability or denial of service when a victim opens a malicious file.</description><content:encoded><![CDATA[<p>A memory-safety vulnerability, identified as CVE-2022-44451, has been discovered in Open Babel, a widely used C++ library and command-line interface for chemistry file format manipulation. Reported by Cisco TALOS, this flaw exists within Open Babel's MSI atom parser, leading to an uninitialized pointer dereference when processing a specially crafted input file. This vulnerability affects all Open Babel versions up to and including 3.1.1. Attackers could exploit this by convincing a victim to open a malicious MSI file using the <code>obabel</code> CLI tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This could lead to application instability, crashes, or denial of service on systems that parse untrusted chemical file formats, impacting scientific computing environments and services embedding the library.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MSI (Molecular Structure Input) file specifically designed to trigger the uninitialized pointer dereference vulnerability (CVE-2022-44451) within Open Babel's parser.</li>
<li>The attacker delivers this malicious MSI file to a target system or user, potentially through phishing emails, malicious websites, or embedding it within a seemingly legitimate data set.</li>
<li>The victim opens or attempts to process the malicious MSI file using the <code>obabel</code> command-line tool, an application leveraging the <code>OBConversion</code> API, or any of Open Babel's language bindings (e.g., Python, Ruby).</li>
<li>Open Babel's internal MSI parser begins to process the malformed record within the crafted input file.</li>
<li>During atom handling, the parser attempts to dereference an atom pointer that has not been properly initialized, triggering the memory-safety flaw.</li>
<li>This uninitialized pointer dereference causes the Open Babel application or the service embedding it to crash or become unstable.</li>
<li>The final objective is application denial of service or potential arbitrary code execution, impacting the availability and integrity of the affected system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability primarily results in application instability or denial of service, as the affected Open Babel process crashes when attempting to parse a malicious MSI file. Given Open Babel's role as a core library and CLI tool shipped by various Linux distributions and embedded in services that process chemical file formats, a successful attack could disrupt scientific computing workflows, research data processing, or any service relying on Open Babel for untrusted input parsing. While no specific victim counts are available, the broad usage of Open Babel implies a significant potential attack surface across academic, research, and industrial sectors utilizing computational chemistry.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update Open Babel installations to version 3.2.0 or newer to mitigate CVE-2022-44451, as indicated by the <code>Patched version</code> details.</li>
<li>Implement robust input validation and sanitization for all MSI files processed by applications leveraging Open Babel, especially when dealing with untrusted sources, to prevent malformed records from reaching the vulnerable parser.</li>
<li>Monitor for unexpected crashes or abnormal termination of the <code>obabel</code> CLI tool or any applications using the <code>OBConversion</code> API when processing MSI files, as this could indicate an attempted exploitation of CVE-2022-44451.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>chemistry</category><category>vulnerability</category><category>memory-safety</category><category>open-babel</category><category>cve</category></item><item><title>Open Babel PQS Parser Uninitialized Pointer Dereference (CVE-2022-46280)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-pointer-dereference/</link><pubDate>Fri, 03 Jul 2026 12:50:29 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-pointer-dereference/</guid><description>A memory-safety vulnerability, CVE-2022-46280, in Open Babel's PQS parser (versions prior to 3.2.0) allows an uninitialized pointer dereference when processing a specially crafted input file, potentially leading to application crashes and denial of service if a victim opens a malicious PQS file.</description><content:encoded><![CDATA[<p>A significant memory-safety vulnerability, tracked as CVE-2022-46280, has been identified in the Open Babel library, specifically within its PQS parser. This flaw affects all versions up to and including 3.1.1. The vulnerability stems from improper handling of <code>pFormat</code> during PQS file parsing, where a malformed input file can cause the parser to dereference an uninitialized pointer. This can lead to application instability, crashes, and potentially denial of service when untrusted PQS files are processed. Open Babel is a widely used C++ chemistry library and command-line tool, often embedded in other services or shipped with Linux distributions, making its exploitation a concern for systems that process untrusted chemical file formats. The vulnerability was responsibly disclosed by Cisco TALOS.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious PQS (Protein Query System) input file specifically designed to exploit the uninitialized pointer dereference vulnerability.</li>
<li>The attacker delivers this malicious PQS file to a victim system through various means, such as email attachments, malicious websites, or shared network drives.</li>
<li>The victim user or an automated service is induced to open or process the malicious PQS file using the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or any language binding (e.g., Python, Ruby, Java, R, Perl, C#, PHP) that utilizes the vulnerable Open Babel library.</li>
<li>During the parsing of the malformed PQS file, the Open Babel library attempts to access a <code>pFormat</code> pointer that has not been correctly initialized.</li>
<li>This uninitialized pointer dereference triggers a memory access violation or segmentation fault within the application using Open Babel.</li>
<li>The application crashes, leading to a denial of service (DoS) for the affected process or system, depending on how Open Babel is integrated.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The primary impact of CVE-2022-46280 is a denial of service (DoS) for applications or systems that utilize the vulnerable Open Babel library to parse untrusted PQS files. If a malicious PQS file is processed, the application will crash, rendering it temporarily or permanently unavailable until manually restarted or if the system's fault tolerance mechanisms kick in. Given Open Babel's widespread use in scientific computing, chemistry, and various Linux distributions, this vulnerability could affect a broad range of services or end-user workstations that handle chemical data. While not directly leading to arbitrary code execution, repeated crashes could disrupt research workflows, automated processing pipelines, or critical scientific infrastructure.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2022-46280 immediately</strong> by upgrading Open Babel to version 3.2.0 or newer. Refer to <a href="https://github.com/advisories/GHSA-8qxc-57hf-hc9j">https://github.com/advisories/GHSA-8qxc-57hf-hc9j</a> for details.</li>
<li>Implement strict input validation and sanitization for all PQS files processed by applications utilizing Open Babel, particularly those obtained from untrusted sources.</li>
<li>Segregate critical services that process PQS files into isolated environments to limit the blast radius of potential crashes.</li>
<li>Ensure that all instances of the <code>obabel</code> tool and any applications leveraging the Open Babel library are updated to the patched version.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>memory-corruption</category><category>library</category><category>linux</category><category>DoS</category></item><item><title>Open Babel MOPAC Parser Out-of-Bounds Write Vulnerability (CVE-2022-46294)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-mopac-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:47:53 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-mopac-oob-write/</guid><description>A memory-safety vulnerability (CVE-2022-46294) in Open Babel's MOPAC input parser allows an out-of-bounds write into the `translationVectors[]` array when reading more than three Tv atoms from a crafted MOPAC input file, which can lead to application crash or arbitrary code execution upon victim processing the file.</description><content:encoded><![CDATA[<p>Open Babel, a C++ library and command-line tool for chemistry file format manipulation, is affected by CVE-2022-46294, a high-severity memory-safety vulnerability. Discovered and reported by Cisco TALOS, this flaw exists in the MOPAC IN reader component. Specifically, a crafted MOPAC input file containing more than three 'Tv' (translation-vector) atoms can lead to an out-of-bounds write in the <code>translationVectors[]</code> array. This vulnerability affects all Open Babel versions up to and including 3.1.1. Exploitation requires a victim to open such a malicious file using the <code>obabel</code> CLI tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). The library is widely adopted, shipped by various Linux distributions, and often embedded in services that process chemical data, making it a critical concern for defenders. The vulnerability was patched in version 3.2.0, released on 2026-05-26, with the fix available in commit <code>40e85213</code>.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker crafts a malicious MOPAC input file containing more than three 'Tv' (translation-vector) atoms specifically designed to trigger an out-of-bounds write vulnerability (CVE-2022-46294).</li>
<li>Attacker delivers the malicious MOPAC file to a target system or user, potentially via email attachments, malicious websites, or untrusted file shares.</li>
<li>A user or automated process on the target system opens or attempts to process the malicious MOPAC file using the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or any of Open Babel's language bindings (e.g., Python <code>pybel</code>).</li>
<li>Open Babel's MOPAC IN reader component attempts to parse the malformed input file, specifically the section containing the 'Tv' atoms.</li>
<li>During parsing, the reader attempts to store more translation vectors than the fixed-size <code>translationVectors[]</code> array can hold, resulting in an out-of-bounds write operation past the allocated memory.</li>
<li>This out-of-bounds write corrupts adjacent memory, potentially leading to application crash, denial of service, or, under specific conditions, arbitrary code execution.</li>
<li>If arbitrary code execution is successfully achieved, the attacker gains control over the compromised process running Open Babel, which can be leveraged for further system compromise, data exfiltration, or installation of additional malware.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2022-46294 can lead to memory corruption, causing the application using Open Babel to crash, resulting in a denial of service. In more severe scenarios, it could enable arbitrary code execution within the context of the affected application, allowing an attacker to compromise the system. Open Babel is a foundational library in chemistry and materials science, widely shipped by Linux distributions and integrated into various services for processing untrusted chemical data. Organizations that parse untrusted MOPAC files using vulnerable versions of Open Babel are at risk of system instability, data breaches, or complete system takeover if arbitrary code execution is achieved.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2022-46294 immediately by upgrading all affected installations of Open Babel to version 3.2.0 or higher.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>memory-corruption</category><category>out-of-bounds-write</category><category>cve</category><category>library-vulnerability</category></item><item><title>Open Babel Out-of-Bounds Write in MSI Parser (CVE-2022-46295)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:46:55 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-oob-write/</guid><description>An out-of-bounds write vulnerability (CVE-2022-46295) in Open Babel's MSI parser allows remote attackers to cause memory corruption, denial of service, or potentially arbitrary code execution when a victim opens a specially crafted MSI file using the `obabel` tool or any application linked to the `OBConversion` API.</description><content:encoded><![CDATA[<p>A significant memory-safety vulnerability, tracked as CVE-2022-46295, has been identified in Open Babel, a widely used C++ library and command-line interface for interconverting chemical file formats. The flaw specifically resides within the MSI parser, where a fixed-size <code>translationVectors[]</code> array is susceptible to an out-of-bounds write. Attackers can exploit this by crafting a malformed MSI file that, when processed by vulnerable versions of Open Babel (all releases up to and including 3.1.1), causes the parser to write more vectors than the array's capacity. This memory corruption can lead to denial of service or, in more advanced scenarios, arbitrary code execution. Given Open Babel's inclusion in various Linux distributions and its integration into services that may process untrusted input, the potential impact is broad, affecting scientific, pharmaceutical, and chemical sectors. The vulnerability was patched in Open Babel version 3.2.0, released in May 2026, following a report by Cisco TALOS.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Attacker Crafts Malicious MSI File</strong>: An attacker creates a specially malformed MSI file designed to push more cell translation vectors than the <code>translationVectors[]</code> array can hold within Open Babel's MSI parser.</li>
<li><strong>Delivery of Malicious File</strong>: The crafted MSI file is delivered to a target system, often via email, malicious download, or an untrusted file share.</li>
<li><strong>Victim Processes Malicious File</strong>: The victim opens the malicious MSI file using the <code>obabel</code> command-line tool, an application that links the <code>OBConversion</code> API, or any of Open Babel's language bindings (e.g., Python, Ruby, Java, R, Perl, C#, PHP).</li>
<li><strong>Vulnerable Parsing Initiated</strong>: Open Babel's MSI parser initiates processing of the malformed input file to extract chemical structure data.</li>
<li><strong>Out-of-Bounds Write Occurs</strong>: During the parsing of the crafted MSI file, the vulnerable logic attempts to write an excessive number of cell translation vectors into the fixed-size <code>translationVectors[]</code> array, resulting in an out-of-bounds write past the array's allocated memory region.</li>
<li><strong>Memory Corruption</strong>: The out-of-bounds write corrupts adjacent memory, leading to unpredictable program behavior.</li>
<li><strong>Denial of Service or Arbitrary Code Execution</strong>: This memory corruption can cause the application to crash, resulting in a denial of service, or potentially be leveraged by an attacker to achieve arbitrary code execution on the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability, CVE-2022-46295, impacts organizations utilizing Open Babel for chemical file format processing, particularly those handling untrusted MSI files. Due to Open Babel's common inclusion in Linux distributions and its embedding within various services, a wide array of sectors, from academic research to pharmaceutical and chemical industries, could be affected. Successful exploitation results in memory corruption, leading to application crashes and denial of service, or potentially allowing an attacker to achieve arbitrary code execution, compromising data integrity, confidentiality, or system control.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade all installations of Open Babel to version 3.2.0 or newer to remediate CVE-2022-46295.</li>
<li>Implement strict input validation and sandboxing for applications processing untrusted MSI files using Open Babel to limit the potential impact of memory corruption vulnerabilities like CVE-2022-46295.</li>
<li>Monitor systems for crashes of <code>obabel</code> processes or applications linked against <code>OBConversion</code> library functions, which could indicate attempts at exploiting vulnerabilities like CVE-2022-46295.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>memory-corruption</category><category>vulnerability</category><category>library</category><category>cpp</category><category>ghsa</category></item></channel></rss>