{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/open-babel/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-42885"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel \u003c= 3.1.1","openbabel (pip) \u003c 3.2.0"],"_cs_severities":["high"],"_cs_tags":["vulnerability","memory-safety","cve","open-babel"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eOpen Babel, a widely used C++ library and CLI tool for chemical file format conversions, is affected by a high-severity memory-safety vulnerability, CVE-2022-42885. Discovered in the GRO residue parser, this flaw allows an uninitialized pointer dereference when processing a specially crafted GRO input file. The vulnerability affects all versions up to and including 3.1.1 and was publicly disclosed with a patch in version 3.2.0 on May 26, 2026. Reported by Cisco TALOS, this issue impacts systems where Open Babel's \u003ccode\u003eobabel\u003c/code\u003e tool, \u003ccode\u003eOBConversion\u003c/code\u003e API, or its various language bindings (Python, Ruby, Java, R, Perl, C#, PHP) are used to parse untrusted GRO files. Exploitation can lead to application crashes or potentially arbitrary code execution, posing a significant risk to data processing workflows in chemistry and related scientific fields.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious GRO file specifically designed with a malformed residue record to exploit CVE-2022-42885.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious GRO file to a target system, potentially via social engineering tactics such as email attachment or by embedding it within a seemingly legitimate data set.\u003c/li\u003e\n\u003cli\u003eA user or an automated process on the target system opens or attempts to parse the malicious GRO file using the \u003ccode\u003eobabel\u003c/code\u003e CLI tool, an application leveraging Open Babel's \u003ccode\u003eOBConversion\u003c/code\u003e API, or one of its language bindings (e.g., Python, Java).\u003c/li\u003e\n\u003cli\u003eDuring the parsing of the malformed record, Open Babel's GRO reader attempts to access a residue pointer that has not been properly initialized.\u003c/li\u003e\n\u003cli\u003eThis uninitialized pointer dereference leads to a memory access violation within the process.\u003c/li\u003e\n\u003cli\u003eThe memory access violation results in the application crashing (denial of service) or, in a more severe scenario, allows the attacker to achieve arbitrary code execution on the host system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability impacts systems that utilize Open Babel, particularly those that process GRO chemical file format data from untrusted sources. Since Open Babel is commonly shipped by Linux distributions and embedded in scientific services, a broad range of research institutions, academic organizations, and industrial entities could be affected. Successful exploitation via CVE-2022-42885 leads to immediate application termination, causing denial of service for any service or tool relying on Open Babel's GRO parsing. More critically, skilled attackers could potentially leverage this memory corruption to achieve arbitrary code execution on the compromised system, allowing for data exfiltration, further system compromise, or the deployment of additional malicious payloads.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update all installations of Open Babel to version 3.2.0 or newer to patch CVE-2022-42885.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sandboxing for applications that process untrusted or user-supplied GRO files using Open Babel.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks of opening or processing untrusted files, consistent with the initial access vector that requires a victim to open a malicious GRO file.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:54:02Z","date_published":"2026-07-03T12:54:02Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/","summary":"A high-severity memory-safety vulnerability (CVE-2022-42885) in Open Babel's GRO residue parser allows an uninitialized pointer dereference when processing a specially crafted GRO input file, potentially leading to application crash or arbitrary code execution.","title":"Open Babel Uninitialized Pointer Dereference Vulnerability (CVE-2022-42885)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-43467"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (vulnerable: \u003c 3.2.0)","pip/openbabel (vulnerable: \u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["open-babel","vulnerability","memory-corruption","cve","library"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA high-severity memory-safety vulnerability, identified as CVE-2022-43467, has been discovered in Open Babel's PQS \u003ccode\u003ecoord_file\u003c/code\u003e parser. This flaw affects all versions up to and including 3.1.1 of the Open Babel library and CLI tool, which is critical for processing various chemistry file formats. Exploitation occurs when a victim processes a specially crafted PQS file, leading to an out-of-bounds write within the \u003ccode\u003ecoord_file\u003c/code\u003e parsing path. This vulnerability was reported by Cisco TALOS and subsequently patched in version 3.2.0, released on 2026-05-26. Given Open Babel's widespread use across Linux distributions and in services that handle untrusted input, this flaw poses a significant risk of arbitrary code execution or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a specially designed PQS file containing a malformed \u003ccode\u003ecoord_file\u003c/code\u003e specifier that targets the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious PQS file to a target system or user, often via email, download, or integration into a workflow.\u003c/li\u003e\n\u003cli\u003eA user or automated service on the victim system opens and processes the malicious PQS file using an affected Open Babel component (e.g., \u003ccode\u003eobabel\u003c/code\u003e CLI tool, \u003ccode\u003eOBConversion\u003c/code\u003e API, or language bindings).\u003c/li\u003e\n\u003cli\u003eDuring the parsing process of the PQS \u003ccode\u003ecoord_file\u003c/code\u003e path, the malformed specifier triggers an out-of-bounds write operation.\u003c/li\u003e\n\u003cli\u003eThis memory corruption overwrites adjacent memory regions, leading to unpredictable program behavior, including crashes.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation can result in application crashes (Denial of Service) or, with further exploitation, arbitrary code execution on the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability affects any system or service utilizing Open Babel versions up to 3.1.1 to process PQS files, particularly those that handle untrusted or external input. Open Babel is widely deployed as a C++ library and command-line interface, integrated into Linux distributions and various scientific applications. Successful exploitation of CVE-2022-43467 can lead to service disruption through denial of service (application crashes) or, more severely, arbitrary code execution, allowing attackers to gain control over affected systems. The full scope of potential victims is broad due to the library's foundational role in chemistry informatics.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update all Open Babel installations to version 3.2.0 or later to patch CVE-2022-43467.\u003c/li\u003e\n\u003cli\u003eFor Python environments, ensure \u003ccode\u003epip/openbabel\u003c/code\u003e is updated to a version greater than or equal to 3.2.0.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation for all PQS files processed by Open Babel components, especially those originating from untrusted sources, to mitigate the risk of malformed file attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:53:09Z","date_published":"2026-07-03T12:53:09Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/","summary":"A high-severity memory-safety vulnerability (CVE-2022-43467) in Open Babel's PQS `coord_file` parser allows an attacker to achieve an out-of-bounds write by tricking a victim into opening a specially crafted PQS file, potentially leading to arbitrary code execution or denial of service in systems processing untrusted chemistry file formats.","title":"Open Babel PQS coord_file parser suffers from out-of-bounds write vulnerability (CVE-2022-43467)","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/"},{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2022-44451"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (\u003c 3.2.0)"],"_cs_severities":["high"],"_cs_tags":["chemistry","vulnerability","memory-safety","open-babel","cve"],"_cs_type":"advisory","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eA memory-safety vulnerability, identified as CVE-2022-44451, has been discovered in Open Babel, a widely used C++ library and command-line interface for chemistry file format manipulation. Reported by Cisco TALOS, this flaw exists within Open Babel's MSI atom parser, leading to an uninitialized pointer dereference when processing a specially crafted input file. This vulnerability affects all Open Babel versions up to and including 3.1.1. Attackers could exploit this by convincing a victim to open a malicious MSI file using the \u003ccode\u003eobabel\u003c/code\u003e CLI tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This could lead to application instability, crashes, or denial of service on systems that parse untrusted chemical file formats, impacting scientific computing environments and services embedding the library.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious MSI (Molecular Structure Input) file specifically designed to trigger the uninitialized pointer dereference vulnerability (CVE-2022-44451) within Open Babel's parser.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this malicious MSI file to a target system or user, potentially through phishing emails, malicious websites, or embedding it within a seemingly legitimate data set.\u003c/li\u003e\n\u003cli\u003eThe victim opens or attempts to process the malicious MSI file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, an application leveraging the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of Open Babel's language bindings (e.g., Python, Ruby).\u003c/li\u003e\n\u003cli\u003eOpen Babel's internal MSI parser begins to process the malformed record within the crafted input file.\u003c/li\u003e\n\u003cli\u003eDuring atom handling, the parser attempts to dereference an atom pointer that has not been properly initialized, triggering the memory-safety flaw.\u003c/li\u003e\n\u003cli\u003eThis uninitialized pointer dereference causes the Open Babel application or the service embedding it to crash or become unstable.\u003c/li\u003e\n\u003cli\u003eThe final objective is application denial of service or potential arbitrary code execution, impacting the availability and integrity of the affected system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability primarily results in application instability or denial of service, as the affected Open Babel process crashes when attempting to parse a malicious MSI file. Given Open Babel's role as a core library and CLI tool shipped by various Linux distributions and embedded in services that process chemical file formats, a successful attack could disrupt scientific computing workflows, research data processing, or any service relying on Open Babel for untrusted input parsing. While no specific victim counts are available, the broad usage of Open Babel implies a significant potential attack surface across academic, research, and industrial sectors utilizing computational chemistry.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update Open Babel installations to version 3.2.0 or newer to mitigate CVE-2022-44451, as indicated by the \u003ccode\u003ePatched version\u003c/code\u003e details.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization for all MSI files processed by applications leveraging Open Babel, especially when dealing with untrusted sources, to prevent malformed records from reaching the vulnerable parser.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected crashes or abnormal termination of the \u003ccode\u003eobabel\u003c/code\u003e CLI tool or any applications using the \u003ccode\u003eOBConversion\u003c/code\u003e API when processing MSI files, as this could indicate an attempted exploitation of CVE-2022-44451.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:51:24Z","date_published":"2026-07-03T12:51:24Z","id":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/","summary":"A memory-safety vulnerability (CVE-2022-44451) in Open Babel's MSI parser allows for an uninitialized pointer dereference when processing a specially crafted MSI input file, affecting versions prior to 3.2.0 and potentially leading to application instability or denial of service when a victim opens a malicious file.","title":"Open Babel Has Uninitialized Pointer Dereference in MSI Atom Parser","url":"https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed - Open-Babel","version":"https://jsonfeed.org/version/1.1"}