{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-babel--3.1.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-42885"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel \u003c= 3.1.1","openbabel (pip) \u003c 3.2.0"],"_cs_severities":["high"],"_cs_tags":["vulnerability","memory-safety","cve","open-babel"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eOpen Babel, a widely used C++ library and CLI tool for chemical file format conversions, is affected by a high-severity memory-safety vulnerability, CVE-2022-42885. Discovered in the GRO residue parser, this flaw allows an uninitialized pointer dereference when processing a specially crafted GRO input file. The vulnerability affects all versions up to and including 3.1.1 and was publicly disclosed with a patch in version 3.2.0 on May 26, 2026. Reported by Cisco TALOS, this issue impacts systems where Open Babel's \u003ccode\u003eobabel\u003c/code\u003e tool, \u003ccode\u003eOBConversion\u003c/code\u003e API, or its various language bindings (Python, Ruby, Java, R, Perl, C#, PHP) are used to parse untrusted GRO files. Exploitation can lead to application crashes or potentially arbitrary code execution, posing a significant risk to data processing workflows in chemistry and related scientific fields.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious GRO file specifically designed with a malformed residue record to exploit CVE-2022-42885.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious GRO file to a target system, potentially via social engineering tactics such as email attachment or by embedding it within a seemingly legitimate data set.\u003c/li\u003e\n\u003cli\u003eA user or an automated process on the target system opens or attempts to parse the malicious GRO file using the \u003ccode\u003eobabel\u003c/code\u003e CLI tool, an application leveraging Open Babel's \u003ccode\u003eOBConversion\u003c/code\u003e API, or one of its language bindings (e.g., Python, Java).\u003c/li\u003e\n\u003cli\u003eDuring the parsing of the malformed record, Open Babel's GRO reader attempts to access a residue pointer that has not been properly initialized.\u003c/li\u003e\n\u003cli\u003eThis uninitialized pointer dereference leads to a memory access violation within the process.\u003c/li\u003e\n\u003cli\u003eThe memory access violation results in the application crashing (denial of service) or, in a more severe scenario, allows the attacker to achieve arbitrary code execution on the host system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability impacts systems that utilize Open Babel, particularly those that process GRO chemical file format data from untrusted sources. Since Open Babel is commonly shipped by Linux distributions and embedded in scientific services, a broad range of research institutions, academic organizations, and industrial entities could be affected. Successful exploitation via CVE-2022-42885 leads to immediate application termination, causing denial of service for any service or tool relying on Open Babel's GRO parsing. More critically, skilled attackers could potentially leverage this memory corruption to achieve arbitrary code execution on the compromised system, allowing for data exfiltration, further system compromise, or the deployment of additional malicious payloads.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update all installations of Open Babel to version 3.2.0 or newer to patch CVE-2022-42885.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sandboxing for applications that process untrusted or user-supplied GRO files using Open Babel.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks of opening or processing untrusted files, consistent with the initial access vector that requires a victim to open a malicious GRO file.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:54:02Z","date_published":"2026-07-03T12:54:02Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/","summary":"A high-severity memory-safety vulnerability (CVE-2022-42885) in Open Babel's GRO residue parser allows an uninitialized pointer dereference when processing a specially crafted GRO input file, potentially leading to application crash or arbitrary code execution.","title":"Open Babel Uninitialized Pointer Dereference Vulnerability (CVE-2022-42885)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/"}],"language":"en","title":"CraftedSignal Threat Feed - Open Babel \u003c= 3.1.1","version":"https://jsonfeed.org/version/1.1"}