<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Chemistry - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/chemistry/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 13:02:04 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/chemistry/feed.xml" rel="self" type="application/rss+xml"/><item><title>Open Babel Heap Buffer Overflow in SMILES Parsing (CVE-2025-10996)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-buffer-overflow/</link><pubDate>Fri, 03 Jul 2026 13:02:04 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-buffer-overflow/</guid><description>A heap buffer overflow vulnerability (CVE-2025-10996) in Open Babel's `OBSmilesParser::ParseSmiles` function allows attackers to achieve denial of service or arbitrary code execution by crafting and supplying a malformed SMILES input string to affected versions up to 3.1.1.</description><content:encoded><![CDATA[<p>A critical memory-safety vulnerability, tracked as CVE-2025-10996, has been identified in Open Babel, a widely used C++ chemistry library and command-line tool. The flaw specifically resides within the <code>OBSmilesParser::ParseSmiles</code> function, which is responsible for interpreting SMILES (Simplified Molecular Input Line Entry Specification) strings. When processing a specially crafted and malformed SMILES input, the parser can write beyond the boundaries of a heap-allocated buffer, leading to a heap buffer overflow. This vulnerability affects all Open Babel versions up to and including 3.1.1. It is particularly concerning because Open Babel is often embedded in services that parse untrusted input and SMILES strings are frequently handled via command-line arguments and automated script pipelines, making the exploitation primitive easily reachable. A patch was released in version 3.2.0 on May 26, 2026, addressing the issue.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Attacker crafts malicious SMILES string</strong>: The attacker develops a specially engineered SMILES string designed to exploit the heap buffer overflow vulnerability in Open Babel's <code>OBSmilesParser::ParseSmiles</code> function.</li>
<li><strong>Attacker delivers malicious SMILES string</strong>: The crafted SMILES string is delivered to the victim, potentially via a malicious file (e.g., a <code>.smi</code> file), an email attachment, or as input within a web application or scientific workflow.</li>
<li><strong>Victim initiates SMILES parsing</strong>: The victim, or an automated system, processes the malicious SMILES string using Open Babel through the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP).</li>
<li><strong><code>OBSmilesParser::ParseSmiles</code> is invoked</strong>: Open Babel's internal <code>OBSmilesParser::ParseSmiles</code> function is called to interpret the malformed SMILES input string.</li>
<li><strong>Heap buffer overflow triggers</strong>: During parsing, the specially crafted SMILES string causes the <code>ParseSmiles</code> function to write data beyond the allocated memory region on the heap.</li>
<li><strong>Memory corruption and impact</strong>: This heap buffer overflow leads to memory corruption, which can result in a denial-of-service (DoS) condition by crashing the application, or, if successfully manipulated, arbitrary code execution within the context of the vulnerable Open Babel process.</li>
<li><strong>Post-exploitation (if RCE achieved)</strong>: If arbitrary code execution is achieved, the attacker gains control over the compromised process, potentially enabling further actions such as data exfiltration, system compromise, or malware deployment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The exploitation of CVE-2025-10996 can lead to severe consequences for organizations utilizing Open Babel. At minimum, a successful attack will result in a denial-of-service (DoS) condition, causing the Open Babel application or any service embedding it to crash. More critically, skilled attackers could potentially leverage this heap buffer overflow to achieve arbitrary code execution, granting them unauthorized control over the affected system. Organizations in scientific research, chemical industries, and any sector relying on chemical data processing and Open Babel for parsing untrusted SMILES input are at risk. The broad deployment of Open Babel, including its presence in Linux distributions and various language bindings, expands the potential attack surface.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2025-10996 immediately by upgrading Open Babel to version 3.2.0 or later on all affected systems and integrated services.</li>
<li>Review all instances where Open Babel is used to parse external or untrusted SMILES input, especially those invoked via command-line or programmatic APIs.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>buffer-overflow</category><category>chemistry</category><category>library</category><category>cve</category></item><item><title>Open Babel Heap Buffer Overflow in ChemKin Parser (CVE-2025-10997)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-overflow/</link><pubDate>Fri, 03 Jul 2026 13:01:12 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-heap-overflow/</guid><description>A heap buffer overflow vulnerability (CVE-2025-10997) in Open Babel's ChemKin parser allows an attacker to achieve memory corruption when a victim processes a specially crafted ChemKin file, potentially leading to denial of service or arbitrary code execution.</description><content:encoded><![CDATA[<p>A memory-safety vulnerability, identified as CVE-2025-10997, has been discovered in Open Babel, a widely used C++ library and command-line tool for chemistry file format conversion. This flaw, reported via OSS-Fuzz, specifically exists within the <code>ChemKinFormat::CheckSpecies</code> function of the ChemKin parser. Attackers can exploit this vulnerability by crafting a malicious ChemKin file that, when processed by a victim using Open Babel components (such as the <code>obabel</code> tool, the <code>OBConversion</code> API, or its language bindings), causes a heap buffer overflow. This leads to memory corruption, potentially resulting in application crashes (Denial of Service) or, under certain conditions, arbitrary code execution. All Open Babel releases up to and including version 3.1.1 are affected; the vulnerability was patched in version 3.2.0, released on 2026-05-26.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker crafts a malicious ChemKin file specifically designed to contain malformed species records, triggering the heap buffer overflow in <code>ChemKinFormat::CheckSpecies</code>.</li>
<li>The malicious ChemKin file is delivered to the victim, typically via social engineering (e.g., email attachment), malicious download link, or embedding within a seemingly legitimate data set.</li>
<li>The victim interacts with the malicious file, causing it to be processed by an Open Babel component, such as the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or one of its language bindings (Python, Ruby, Java, etc.).</li>
<li>Open Babel's internal parser, specifically within the <code>ChemKinFormat::CheckSpecies</code> function, attempts to process the malformed species record from the crafted file.</li>
<li>Due to the malformed data, the <code>ChemKinFormat::CheckSpecies</code> function attempts to write data beyond the allocated bounds of a heap-allocated buffer.</li>
<li>This heap buffer overflow corrupts memory, leading to an application crash (Denial of Service) or, under specific conditions, allows for arbitrary code execution on the victim's system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2025-10997 can lead to severe consequences for systems processing untrusted ChemKin files with affected versions of Open Babel. The primary impact includes denial of service, as the application processing the malicious file will likely crash due to memory corruption. More critically, sophisticated exploitation could lead to arbitrary code execution, granting attackers control over the compromised system. Open Babel is widely integrated, being shipped by Linux distributions and embedded in various services that parse chemical file formats. Organizations using Open Babel in such contexts, especially those handling external or untrusted data, are at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2025-10997 by upgrading all instances of Open Babel and its language bindings to version 3.2.0 or later immediately.</li>
<li>Implement strict input validation and sanitization for all ChemKin files processed by applications utilizing Open Babel components to mitigate risks from specially crafted inputs.</li>
<li>Monitor systems that utilize Open Babel for unexpected application crashes or unusual process behavior that could indicate attempted exploitation.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>chemistry</category><category>vulnerability</category><category>buffer-overflow</category><category>memory-corruption</category><category>cve</category></item><item><title>Open Babel MOL2 Parser Out-of-Bounds Write (CVE-2022-43607)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:52:17 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</guid><description>A memory-safety vulnerability, CVE-2022-43607, in Open Babel's MOL2 parser allows an out-of-bounds write when processing a crafted input file, potentially leading to denial of service or arbitrary code execution.</description><content:encoded><![CDATA[<p>Cisco TALOS reported a critical memory-safety vulnerability, CVE-2022-43607, affecting Open Babel versions up to 3.1.1. This flaw resides within the MOL2 file format parser, specifically in the attribute/value parsing path. An attacker can craft a malicious MOL2 file containing an overly long attribute or value, which, when processed by the vulnerable Open Babel software, triggers an out-of-bounds write. This vulnerability is significant because Open Babel is a widely used C++ library and command-line interface (<code>obabel</code>) for manipulating chemistry file formats, often embedded in scientific applications and services. The vulnerability can be exploited when a victim opens a specially crafted MOL2 file using the <code>obabel</code> tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This can lead to memory corruption, denial of service, or potentially arbitrary code execution if successfully weaponized.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MOL2 file containing an over-long attribute or value designed to exceed a fixed-size buffer.</li>
<li>The attacker delivers this crafted MOL2 file to a target system or user (e.g., via email, web download, or shared storage).</li>
<li>The victim opens or processes the malicious MOL2 file using the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or one of Open Babel's language bindings.</li>
<li>Open Babel's MOL2 parser attempts to parse the malicious file's attributes and values.</li>
<li>During parsing, the overly long data triggers an out-of-bounds write operation past the end of an allocated memory buffer.</li>
<li>This memory corruption can lead to a crash of the Open Babel process, resulting in a denial of service (DoS).</li>
<li>With sophisticated exploitation, this memory corruption could potentially be leveraged to achieve arbitrary code execution.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2022-43607 can result in memory corruption, leading to a denial of service (DoS) by crashing the application or tool processing the malicious MOL2 file. In more severe scenarios, it could enable arbitrary code execution, granting attackers control over the compromised system. While no specific in-the-wild exploitation has been observed, the widespread use of Open Babel in academic, research, and industrial sectors that handle chemical data means that a broad range of organizations could be affected. Any service or workstation that uses Open Babel to parse untrusted MOL2 files is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2022-43607 by updating Open Babel to version 3.2.0 or later immediately across all affected systems.</li>
<li>Implement process creation logging (e.g., Sysmon for Windows or Auditd for Linux) to activate the provided Sigma rule for <code>obabel</code> execution.</li>
<li>Review and tune the provided Sigma rule to monitor for unusual invocations of the <code>obabel</code> command-line tool, especially from untrusted sources or with uncommon parameters.</li>
<li>Educate users on the risks of opening untrusted or suspicious MOL2 files received from unknown sources, as user interaction is required for exploitation.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">threat</category><category>memory-safety</category><category>vulnerability</category><category>library</category><category>cve</category><category>file-parsing</category><category>chemistry</category><category>denial-of-service</category><category>code-execution</category></item><item><title>Open Babel Has Uninitialized Pointer Dereference in MSI Atom Parser</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</link><pubDate>Fri, 03 Jul 2026 12:51:24 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</guid><description>A memory-safety vulnerability (CVE-2022-44451) in Open Babel's MSI parser allows for an uninitialized pointer dereference when processing a specially crafted MSI input file, affecting versions prior to 3.2.0 and potentially leading to application instability or denial of service when a victim opens a malicious file.</description><content:encoded><![CDATA[<p>A memory-safety vulnerability, identified as CVE-2022-44451, has been discovered in Open Babel, a widely used C++ library and command-line interface for chemistry file format manipulation. Reported by Cisco TALOS, this flaw exists within Open Babel's MSI atom parser, leading to an uninitialized pointer dereference when processing a specially crafted input file. This vulnerability affects all Open Babel versions up to and including 3.1.1. Attackers could exploit this by convincing a victim to open a malicious MSI file using the <code>obabel</code> CLI tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This could lead to application instability, crashes, or denial of service on systems that parse untrusted chemical file formats, impacting scientific computing environments and services embedding the library.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MSI (Molecular Structure Input) file specifically designed to trigger the uninitialized pointer dereference vulnerability (CVE-2022-44451) within Open Babel's parser.</li>
<li>The attacker delivers this malicious MSI file to a target system or user, potentially through phishing emails, malicious websites, or embedding it within a seemingly legitimate data set.</li>
<li>The victim opens or attempts to process the malicious MSI file using the <code>obabel</code> command-line tool, an application leveraging the <code>OBConversion</code> API, or any of Open Babel's language bindings (e.g., Python, Ruby).</li>
<li>Open Babel's internal MSI parser begins to process the malformed record within the crafted input file.</li>
<li>During atom handling, the parser attempts to dereference an atom pointer that has not been properly initialized, triggering the memory-safety flaw.</li>
<li>This uninitialized pointer dereference causes the Open Babel application or the service embedding it to crash or become unstable.</li>
<li>The final objective is application denial of service or potential arbitrary code execution, impacting the availability and integrity of the affected system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability primarily results in application instability or denial of service, as the affected Open Babel process crashes when attempting to parse a malicious MSI file. Given Open Babel's role as a core library and CLI tool shipped by various Linux distributions and embedded in services that process chemical file formats, a successful attack could disrupt scientific computing workflows, research data processing, or any service relying on Open Babel for untrusted input parsing. While no specific victim counts are available, the broad usage of Open Babel implies a significant potential attack surface across academic, research, and industrial sectors utilizing computational chemistry.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update Open Babel installations to version 3.2.0 or newer to mitigate CVE-2022-44451, as indicated by the <code>Patched version</code> details.</li>
<li>Implement robust input validation and sanitization for all MSI files processed by applications leveraging Open Babel, especially when dealing with untrusted sources, to prevent malformed records from reaching the vulnerable parser.</li>
<li>Monitor for unexpected crashes or abnormal termination of the <code>obabel</code> CLI tool or any applications using the <code>OBConversion</code> API when processing MSI files, as this could indicate an attempted exploitation of CVE-2022-44451.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>chemistry</category><category>vulnerability</category><category>memory-safety</category><category>open-babel</category><category>cve</category></item></channel></rss>