{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/open-babel--3.2.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":5.3,"id":"CVE-2025-10996"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","buffer-overflow","chemistry","library","cve"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA critical memory-safety vulnerability, tracked as CVE-2025-10996, has been identified in Open Babel, a widely used C++ chemistry library and command-line tool. The flaw specifically resides within the \u003ccode\u003eOBSmilesParser::ParseSmiles\u003c/code\u003e function, which is responsible for interpreting SMILES (Simplified Molecular Input Line Entry Specification) strings. When processing a specially crafted and malformed SMILES input, the parser can write beyond the boundaries of a heap-allocated buffer, leading to a heap buffer overflow. This vulnerability affects all Open Babel versions up to and including 3.1.1. It is particularly concerning because Open Babel is often embedded in services that parse untrusted input and SMILES strings are frequently handled via command-line arguments and automated script pipelines, making the exploitation primitive easily reachable. A patch was released in version 3.2.0 on May 26, 2026, addressing the issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker crafts malicious SMILES string\u003c/strong\u003e: The attacker develops a specially engineered SMILES string designed to exploit the heap buffer overflow vulnerability in Open Babel's \u003ccode\u003eOBSmilesParser::ParseSmiles\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker delivers malicious SMILES string\u003c/strong\u003e: The crafted SMILES string is delivered to the victim, potentially via a malicious file (e.g., a \u003ccode\u003e.smi\u003c/code\u003e file), an email attachment, or as input within a web application or scientific workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim initiates SMILES parsing\u003c/strong\u003e: The victim, or an automated system, processes the malicious SMILES string using Open Babel through the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eOBSmilesParser::ParseSmiles\u003c/code\u003e is invoked\u003c/strong\u003e: Open Babel's internal \u003ccode\u003eOBSmilesParser::ParseSmiles\u003c/code\u003e function is called to interpret the malformed SMILES input string.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeap buffer overflow triggers\u003c/strong\u003e: During parsing, the specially crafted SMILES string causes the \u003ccode\u003eParseSmiles\u003c/code\u003e function to write data beyond the allocated memory region on the heap.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory corruption and impact\u003c/strong\u003e: This heap buffer overflow leads to memory corruption, which can result in a denial-of-service (DoS) condition by crashing the application, or, if successfully manipulated, arbitrary code execution within the context of the vulnerable Open Babel process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePost-exploitation (if RCE achieved)\u003c/strong\u003e: If arbitrary code execution is achieved, the attacker gains control over the compromised process, potentially enabling further actions such as data exfiltration, system compromise, or malware deployment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe exploitation of CVE-2025-10996 can lead to severe consequences for organizations utilizing Open Babel. At minimum, a successful attack will result in a denial-of-service (DoS) condition, causing the Open Babel application or any service embedding it to crash. More critically, skilled attackers could potentially leverage this heap buffer overflow to achieve arbitrary code execution, granting them unauthorized control over the affected system. Organizations in scientific research, chemical industries, and any sector relying on chemical data processing and Open Babel for parsing untrusted SMILES input are at risk. The broad deployment of Open Babel, including its presence in Linux distributions and various language bindings, expands the potential attack surface.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2025-10996 immediately by upgrading Open Babel to version 3.2.0 or later on all affected systems and integrated services.\u003c/li\u003e\n\u003cli\u003eReview all instances where Open Babel is used to parse external or untrusted SMILES input, especially those invoked via command-line or programmatic APIs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T13:02:04Z","date_published":"2026-07-03T13:02:04Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-buffer-overflow/","summary":"A heap buffer overflow vulnerability (CVE-2025-10996) in Open Babel's `OBSmilesParser::ParseSmiles` function allows attackers to achieve denial of service or arbitrary code execution by crafting and supplying a malformed SMILES input string to affected versions up to 3.1.1.","title":"Open Babel Heap Buffer Overflow in SMILES Parsing (CVE-2025-10996)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-buffer-overflow/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":5.3,"id":"CVE-2025-10997"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)","pip/openbabel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["chemistry","vulnerability","buffer-overflow","memory-corruption","cve"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA memory-safety vulnerability, identified as CVE-2025-10997, has been discovered in Open Babel, a widely used C++ library and command-line tool for chemistry file format conversion. This flaw, reported via OSS-Fuzz, specifically exists within the \u003ccode\u003eChemKinFormat::CheckSpecies\u003c/code\u003e function of the ChemKin parser. Attackers can exploit this vulnerability by crafting a malicious ChemKin file that, when processed by a victim using Open Babel components (such as the \u003ccode\u003eobabel\u003c/code\u003e tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or its language bindings), causes a heap buffer overflow. This leads to memory corruption, potentially resulting in application crashes (Denial of Service) or, under certain conditions, arbitrary code execution. All Open Babel releases up to and including version 3.1.1 are affected; the vulnerability was patched in version 3.2.0, released on 2026-05-26.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious ChemKin file specifically designed to contain malformed species records, triggering the heap buffer overflow in \u003ccode\u003eChemKinFormat::CheckSpecies\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious ChemKin file is delivered to the victim, typically via social engineering (e.g., email attachment), malicious download link, or embedding within a seemingly legitimate data set.\u003c/li\u003e\n\u003cli\u003eThe victim interacts with the malicious file, causing it to be processed by an Open Babel component, such as the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or one of its language bindings (Python, Ruby, Java, etc.).\u003c/li\u003e\n\u003cli\u003eOpen Babel's internal parser, specifically within the \u003ccode\u003eChemKinFormat::CheckSpecies\u003c/code\u003e function, attempts to process the malformed species record from the crafted file.\u003c/li\u003e\n\u003cli\u003eDue to the malformed data, the \u003ccode\u003eChemKinFormat::CheckSpecies\u003c/code\u003e function attempts to write data beyond the allocated bounds of a heap-allocated buffer.\u003c/li\u003e\n\u003cli\u003eThis heap buffer overflow corrupts memory, leading to an application crash (Denial of Service) or, under specific conditions, allows for arbitrary code execution on the victim's system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-10997 can lead to severe consequences for systems processing untrusted ChemKin files with affected versions of Open Babel. The primary impact includes denial of service, as the application processing the malicious file will likely crash due to memory corruption. More critically, sophisticated exploitation could lead to arbitrary code execution, granting attackers control over the compromised system. Open Babel is widely integrated, being shipped by Linux distributions and embedded in various services that parse chemical file formats. Organizations using Open Babel in such contexts, especially those handling external or untrusted data, are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2025-10997 by upgrading all instances of Open Babel and its language bindings to version 3.2.0 or later immediately.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all ChemKin files processed by applications utilizing Open Babel components to mitigate risks from specially crafted inputs.\u003c/li\u003e\n\u003cli\u003eMonitor systems that utilize Open Babel for unexpected application crashes or unusual process behavior that could indicate attempted exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T13:01:12Z","date_published":"2026-07-03T13:01:12Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-overflow/","summary":"A heap buffer overflow vulnerability (CVE-2025-10997) in Open Babel's ChemKin parser allows an attacker to achieve memory corruption when a victim processes a specially crafted ChemKin file, potentially leading to denial of service or arbitrary code execution.","title":"Open Babel Heap Buffer Overflow in ChemKin Parser (CVE-2025-10997)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-overflow/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-44451"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["chemistry","vulnerability","memory-safety","open-babel","cve"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA memory-safety vulnerability, identified as CVE-2022-44451, has been discovered in Open Babel, a widely used C++ library and command-line interface for chemistry file format manipulation. Reported by Cisco TALOS, this flaw exists within Open Babel's MSI atom parser, leading to an uninitialized pointer dereference when processing a specially crafted input file. This vulnerability affects all Open Babel versions up to and including 3.1.1. Attackers could exploit this by convincing a victim to open a malicious MSI file using the \u003ccode\u003eobabel\u003c/code\u003e CLI tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This could lead to application instability, crashes, or denial of service on systems that parse untrusted chemical file formats, impacting scientific computing environments and services embedding the library.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious MSI (Molecular Structure Input) file specifically designed to trigger the uninitialized pointer dereference vulnerability (CVE-2022-44451) within Open Babel's parser.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious MSI file to a target system or user, potentially through phishing emails, malicious websites, or embedding it within a seemingly legitimate data set.\u003c/li\u003e\n\u003cli\u003eThe victim opens or attempts to process the malicious MSI file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, an application leveraging the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of Open Babel's language bindings (e.g., Python, Ruby).\u003c/li\u003e\n\u003cli\u003eOpen Babel's internal MSI parser begins to process the malformed record within the crafted input file.\u003c/li\u003e\n\u003cli\u003eDuring atom handling, the parser attempts to dereference an atom pointer that has not been properly initialized, triggering the memory-safety flaw.\u003c/li\u003e\n\u003cli\u003eThis uninitialized pointer dereference causes the Open Babel application or the service embedding it to crash or become unstable.\u003c/li\u003e\n\u003cli\u003eThe final objective is application denial of service or potential arbitrary code execution, impacting the availability and integrity of the affected system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability primarily results in application instability or denial of service, as the affected Open Babel process crashes when attempting to parse a malicious MSI file. Given Open Babel's role as a core library and CLI tool shipped by various Linux distributions and embedded in services that process chemical file formats, a successful attack could disrupt scientific computing workflows, research data processing, or any service relying on Open Babel for untrusted input parsing. While no specific victim counts are available, the broad usage of Open Babel implies a significant potential attack surface across academic, research, and industrial sectors utilizing computational chemistry.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update Open Babel installations to version 3.2.0 or newer to mitigate CVE-2022-44451, as indicated by the \u003ccode\u003ePatched version\u003c/code\u003e details.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization for all MSI files processed by applications leveraging Open Babel, especially when dealing with untrusted sources, to prevent malformed records from reaching the vulnerable parser.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected crashes or abnormal termination of the \u003ccode\u003eobabel\u003c/code\u003e CLI tool or any applications using the \u003ccode\u003eOBConversion\u003c/code\u003e API when processing MSI files, as this could indicate an attempted exploitation of CVE-2022-44451.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:51:24Z","date_published":"2026-07-03T12:51:24Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/","summary":"A memory-safety vulnerability (CVE-2022-44451) in Open Babel's MSI parser allows for an uninitialized pointer dereference when processing a specially crafted MSI input file, affecting versions prior to 3.2.0 and potentially leading to application instability or denial of service when a victim opens a malicious file.","title":"Open Babel Has Uninitialized Pointer Dereference in MSI Atom Parser","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-46280"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","memory-corruption","library","linux","DoS"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA significant memory-safety vulnerability, tracked as CVE-2022-46280, has been identified in the Open Babel library, specifically within its PQS parser. This flaw affects all versions up to and including 3.1.1. The vulnerability stems from improper handling of \u003ccode\u003epFormat\u003c/code\u003e during PQS file parsing, where a malformed input file can cause the parser to dereference an uninitialized pointer. This can lead to application instability, crashes, and potentially denial of service when untrusted PQS files are processed. Open Babel is a widely used C++ chemistry library and command-line tool, often embedded in other services or shipped with Linux distributions, making its exploitation a concern for systems that process untrusted chemical file formats. The vulnerability was responsibly disclosed by Cisco TALOS.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious PQS (Protein Query System) input file specifically designed to exploit the uninitialized pointer dereference vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious PQS file to a victim system through various means, such as email attachments, malicious websites, or shared network drives.\u003c/li\u003e\n\u003cli\u003eThe victim user or an automated service is induced to open or process the malicious PQS file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any language binding (e.g., Python, Ruby, Java, R, Perl, C#, PHP) that utilizes the vulnerable Open Babel library.\u003c/li\u003e\n\u003cli\u003eDuring the parsing of the malformed PQS file, the Open Babel library attempts to access a \u003ccode\u003epFormat\u003c/code\u003e pointer that has not been correctly initialized.\u003c/li\u003e\n\u003cli\u003eThis uninitialized pointer dereference triggers a memory access violation or segmentation fault within the application using Open Babel.\u003c/li\u003e\n\u003cli\u003eThe application crashes, leading to a denial of service (DoS) for the affected process or system, depending on how Open Babel is integrated.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of CVE-2022-46280 is a denial of service (DoS) for applications or systems that utilize the vulnerable Open Babel library to parse untrusted PQS files. If a malicious PQS file is processed, the application will crash, rendering it temporarily or permanently unavailable until manually restarted or if the system's fault tolerance mechanisms kick in. Given Open Babel's widespread use in scientific computing, chemistry, and various Linux distributions, this vulnerability could affect a broad range of services or end-user workstations that handle chemical data. While not directly leading to arbitrary code execution, repeated crashes could disrupt research workflows, automated processing pipelines, or critical scientific infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2022-46280 immediately\u003c/strong\u003e by upgrading Open Babel to version 3.2.0 or newer. Refer to \u003ca href=\"https://github.com/advisories/GHSA-8qxc-57hf-hc9j\"\u003ehttps://github.com/advisories/GHSA-8qxc-57hf-hc9j\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all PQS files processed by applications utilizing Open Babel, particularly those obtained from untrusted sources.\u003c/li\u003e\n\u003cli\u003eSegregate critical services that process PQS files into isolated environments to limit the blast radius of potential crashes.\u003c/li\u003e\n\u003cli\u003eEnsure that all instances of the \u003ccode\u003eobabel\u003c/code\u003e tool and any applications leveraging the Open Babel library are updated to the patched version.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:50:29Z","date_published":"2026-07-03T12:50:29Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-pointer-dereference/","summary":"A memory-safety vulnerability, CVE-2022-46280, in Open Babel's PQS parser (versions prior to 3.2.0) allows an uninitialized pointer dereference when processing a specially crafted input file, potentially leading to application crashes and denial of service if a victim opens a malicious PQS file.","title":"Open Babel PQS Parser Uninitialized Pointer Dereference (CVE-2022-46280)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-pointer-dereference/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-46294"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["memory-corruption","out-of-bounds-write","cve","library-vulnerability"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eOpen Babel, a C++ library and command-line tool for chemistry file format manipulation, is affected by CVE-2022-46294, a high-severity memory-safety vulnerability. Discovered and reported by Cisco TALOS, this flaw exists in the MOPAC IN reader component. Specifically, a crafted MOPAC input file containing more than three 'Tv' (translation-vector) atoms can lead to an out-of-bounds write in the \u003ccode\u003etranslationVectors[]\u003c/code\u003e array. This vulnerability affects all Open Babel versions up to and including 3.1.1. Exploitation requires a victim to open such a malicious file using the \u003ccode\u003eobabel\u003c/code\u003e CLI tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). The library is widely adopted, shipped by various Linux distributions, and often embedded in services that process chemical data, making it a critical concern for defenders. The vulnerability was patched in version 3.2.0, released on 2026-05-26, with the fix available in commit \u003ccode\u003e40e85213\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious MOPAC input file containing more than three 'Tv' (translation-vector) atoms specifically designed to trigger an out-of-bounds write vulnerability (CVE-2022-46294).\u003c/li\u003e\n\u003cli\u003eAttacker delivers the malicious MOPAC file to a target system or user, potentially via email attachments, malicious websites, or untrusted file shares.\u003c/li\u003e\n\u003cli\u003eA user or automated process on the target system opens or attempts to process the malicious MOPAC file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of Open Babel's language bindings (e.g., Python \u003ccode\u003epybel\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eOpen Babel's MOPAC IN reader component attempts to parse the malformed input file, specifically the section containing the 'Tv' atoms.\u003c/li\u003e\n\u003cli\u003eDuring parsing, the reader attempts to store more translation vectors than the fixed-size \u003ccode\u003etranslationVectors[]\u003c/code\u003e array can hold, resulting in an out-of-bounds write operation past the allocated memory.\u003c/li\u003e\n\u003cli\u003eThis out-of-bounds write corrupts adjacent memory, potentially leading to application crash, denial of service, or, under specific conditions, arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eIf arbitrary code execution is successfully achieved, the attacker gains control over the compromised process running Open Babel, which can be leveraged for further system compromise, data exfiltration, or installation of additional malware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2022-46294 can lead to memory corruption, causing the application using Open Babel to crash, resulting in a denial of service. In more severe scenarios, it could enable arbitrary code execution within the context of the affected application, allowing an attacker to compromise the system. Open Babel is a foundational library in chemistry and materials science, widely shipped by Linux distributions and integrated into various services for processing untrusted chemical data. Organizations that parse untrusted MOPAC files using vulnerable versions of Open Babel are at risk of system instability, data breaches, or complete system takeover if arbitrary code execution is achieved.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2022-46294 immediately by upgrading all affected installations of Open Babel to version 3.2.0 or higher.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:47:53Z","date_published":"2026-07-03T12:47:53Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-mopac-oob-write/","summary":"A memory-safety vulnerability (CVE-2022-46294) in Open Babel's MOPAC input parser allows an out-of-bounds write into the `translationVectors[]` array when reading more than three Tv atoms from a crafted MOPAC input file, which can lead to application crash or arbitrary code execution upon victim processing the file.","title":"Open Babel MOPAC Parser Out-of-Bounds Write Vulnerability (CVE-2022-46294)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-mopac-oob-write/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-46295"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["memory-corruption","vulnerability","library","cpp","ghsa"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA significant memory-safety vulnerability, tracked as CVE-2022-46295, has been identified in Open Babel, a widely used C++ library and command-line interface for interconverting chemical file formats. The flaw specifically resides within the MSI parser, where a fixed-size \u003ccode\u003etranslationVectors[]\u003c/code\u003e array is susceptible to an out-of-bounds write. Attackers can exploit this by crafting a malformed MSI file that, when processed by vulnerable versions of Open Babel (all releases up to and including 3.1.1), causes the parser to write more vectors than the array's capacity. This memory corruption can lead to denial of service or, in more advanced scenarios, arbitrary code execution. Given Open Babel's inclusion in various Linux distributions and its integration into services that may process untrusted input, the potential impact is broad, affecting scientific, pharmaceutical, and chemical sectors. The vulnerability was patched in Open Babel version 3.2.0, released in May 2026, following a report by Cisco TALOS.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker Crafts Malicious MSI File\u003c/strong\u003e: An attacker creates a specially malformed MSI file designed to push more cell translation vectors than the \u003ccode\u003etranslationVectors[]\u003c/code\u003e array can hold within Open Babel's MSI parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery of Malicious File\u003c/strong\u003e: The crafted MSI file is delivered to a target system, often via email, malicious download, or an untrusted file share.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim Processes Malicious File\u003c/strong\u003e: The victim opens the malicious MSI file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, an application that links the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of Open Babel's language bindings (e.g., Python, Ruby, Java, R, Perl, C#, PHP).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerable Parsing Initiated\u003c/strong\u003e: Open Babel's MSI parser initiates processing of the malformed input file to extract chemical structure data.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOut-of-Bounds Write Occurs\u003c/strong\u003e: During the parsing of the crafted MSI file, the vulnerable logic attempts to write an excessive number of cell translation vectors into the fixed-size \u003ccode\u003etranslationVectors[]\u003c/code\u003e array, resulting in an out-of-bounds write past the array's allocated memory region.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory Corruption\u003c/strong\u003e: The out-of-bounds write corrupts adjacent memory, leading to unpredictable program behavior.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service or Arbitrary Code Execution\u003c/strong\u003e: This memory corruption can cause the application to crash, resulting in a denial of service, or potentially be leveraged by an attacker to achieve arbitrary code execution on the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability, CVE-2022-46295, impacts organizations utilizing Open Babel for chemical file format processing, particularly those handling untrusted MSI files. Due to Open Babel's common inclusion in Linux distributions and its embedding within various services, a wide array of sectors, from academic research to pharmaceutical and chemical industries, could be affected. Successful exploitation results in memory corruption, leading to application crashes and denial of service, or potentially allowing an attacker to achieve arbitrary code execution, compromising data integrity, confidentiality, or system control.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all installations of Open Babel to version 3.2.0 or newer to remediate CVE-2022-46295.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sandboxing for applications processing untrusted MSI files using Open Babel to limit the potential impact of memory corruption vulnerabilities like CVE-2022-46295.\u003c/li\u003e\n\u003cli\u003eMonitor systems for crashes of \u003ccode\u003eobabel\u003c/code\u003e processes or applications linked against \u003ccode\u003eOBConversion\u003c/code\u003e library functions, which could indicate attempts at exploiting vulnerabilities like CVE-2022-46295.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:46:55Z","date_published":"2026-07-03T12:46:55Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-oob-write/","summary":"An out-of-bounds write vulnerability (CVE-2022-46295) in Open Babel's MSI parser allows remote attackers to cause memory corruption, denial of service, or potentially arbitrary code execution when a victim opens a specially crafted MSI file using the `obabel` tool or any application linked to the `OBConversion` API.","title":"Open Babel Out-of-Bounds Write in MSI Parser (CVE-2022-46295)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed - Open Babel (\u003c 3.2.0)","version":"https://jsonfeed.org/version/1.1"}