<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Open-Babel - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/open-babel/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:54:02 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/open-babel/feed.xml" rel="self" type="application/rss+xml"/><item><title>Open Babel Uninitialized Pointer Dereference Vulnerability (CVE-2022-42885)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/</link><pubDate>Fri, 03 Jul 2026 12:54:02 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-uninitialized-ptr-deref/</guid><description>A high-severity memory-safety vulnerability (CVE-2022-42885) in Open Babel's GRO residue parser allows an uninitialized pointer dereference when processing a specially crafted GRO input file, potentially leading to application crash or arbitrary code execution.</description><content:encoded><![CDATA[<p>Open Babel, a widely used C++ library and CLI tool for chemical file format conversions, is affected by a high-severity memory-safety vulnerability, CVE-2022-42885. Discovered in the GRO residue parser, this flaw allows an uninitialized pointer dereference when processing a specially crafted GRO input file. The vulnerability affects all versions up to and including 3.1.1 and was publicly disclosed with a patch in version 3.2.0 on May 26, 2026. Reported by Cisco TALOS, this issue impacts systems where Open Babel's <code>obabel</code> tool, <code>OBConversion</code> API, or its various language bindings (Python, Ruby, Java, R, Perl, C#, PHP) are used to parse untrusted GRO files. Exploitation can lead to application crashes or potentially arbitrary code execution, posing a significant risk to data processing workflows in chemistry and related scientific fields.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious GRO file specifically designed with a malformed residue record to exploit CVE-2022-42885.</li>
<li>The attacker delivers this malicious GRO file to a target system, potentially via social engineering tactics such as email attachment or by embedding it within a seemingly legitimate data set.</li>
<li>A user or an automated process on the target system opens or attempts to parse the malicious GRO file using the <code>obabel</code> CLI tool, an application leveraging Open Babel's <code>OBConversion</code> API, or one of its language bindings (e.g., Python, Java).</li>
<li>During the parsing of the malformed record, Open Babel's GRO reader attempts to access a residue pointer that has not been properly initialized.</li>
<li>This uninitialized pointer dereference leads to a memory access violation within the process.</li>
<li>The memory access violation results in the application crashing (denial of service) or, in a more severe scenario, allows the attacker to achieve arbitrary code execution on the host system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability impacts systems that utilize Open Babel, particularly those that process GRO chemical file format data from untrusted sources. Since Open Babel is commonly shipped by Linux distributions and embedded in scientific services, a broad range of research institutions, academic organizations, and industrial entities could be affected. Successful exploitation via CVE-2022-42885 leads to immediate application termination, causing denial of service for any service or tool relying on Open Babel's GRO parsing. More critically, skilled attackers could potentially leverage this memory corruption to achieve arbitrary code execution on the compromised system, allowing for data exfiltration, further system compromise, or the deployment of additional malicious payloads.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update all installations of Open Babel to version 3.2.0 or newer to patch CVE-2022-42885.</li>
<li>Implement strict input validation and sandboxing for applications that process untrusted or user-supplied GRO files using Open Babel.</li>
<li>Educate users on the risks of opening or processing untrusted files, consistent with the initial access vector that requires a victim to open a malicious GRO file.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>memory-safety</category><category>cve</category><category>open-babel</category></item><item><title>Open Babel PQS coord_file parser suffers from out-of-bounds write vulnerability (CVE-2022-43467)</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:53:09 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-pqs-oob-write/</guid><description>A high-severity memory-safety vulnerability (CVE-2022-43467) in Open Babel's PQS `coord_file` parser allows an attacker to achieve an out-of-bounds write by tricking a victim into opening a specially crafted PQS file, potentially leading to arbitrary code execution or denial of service in systems processing untrusted chemistry file formats.</description><content:encoded><![CDATA[<p>A high-severity memory-safety vulnerability, identified as CVE-2022-43467, has been discovered in Open Babel's PQS <code>coord_file</code> parser. This flaw affects all versions up to and including 3.1.1 of the Open Babel library and CLI tool, which is critical for processing various chemistry file formats. Exploitation occurs when a victim processes a specially crafted PQS file, leading to an out-of-bounds write within the <code>coord_file</code> parsing path. This vulnerability was reported by Cisco TALOS and subsequently patched in version 3.2.0, released on 2026-05-26. Given Open Babel's widespread use across Linux distributions and in services that handle untrusted input, this flaw poses a significant risk of arbitrary code execution or denial of service.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a specially designed PQS file containing a malformed <code>coord_file</code> specifier that targets the vulnerability.</li>
<li>The attacker delivers this malicious PQS file to a target system or user, often via email, download, or integration into a workflow.</li>
<li>A user or automated service on the victim system opens and processes the malicious PQS file using an affected Open Babel component (e.g., <code>obabel</code> CLI tool, <code>OBConversion</code> API, or language bindings).</li>
<li>During the parsing process of the PQS <code>coord_file</code> path, the malformed specifier triggers an out-of-bounds write operation.</li>
<li>This memory corruption overwrites adjacent memory regions, leading to unpredictable program behavior, including crashes.</li>
<li>Successful exploitation can result in application crashes (Denial of Service) or, with further exploitation, arbitrary code execution on the compromised system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The vulnerability affects any system or service utilizing Open Babel versions up to 3.1.1 to process PQS files, particularly those that handle untrusted or external input. Open Babel is widely deployed as a C++ library and command-line interface, integrated into Linux distributions and various scientific applications. Successful exploitation of CVE-2022-43467 can lead to service disruption through denial of service (application crashes) or, more severely, arbitrary code execution, allowing attackers to gain control over affected systems. The full scope of potential victims is broad due to the library's foundational role in chemistry informatics.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update all Open Babel installations to version 3.2.0 or later to patch CVE-2022-43467.</li>
<li>For Python environments, ensure <code>pip/openbabel</code> is updated to a version greater than or equal to 3.2.0.</li>
<li>Implement strict input validation for all PQS files processed by Open Babel components, especially those originating from untrusted sources, to mitigate the risk of malformed file attacks.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>open-babel</category><category>vulnerability</category><category>memory-corruption</category><category>cve</category><category>library</category></item><item><title>Open Babel Has Uninitialized Pointer Dereference in MSI Atom Parser</title><link>https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</link><pubDate>Fri, 03 Jul 2026 12:51:24 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-open-babel-msi-parser-vuln/</guid><description>A memory-safety vulnerability (CVE-2022-44451) in Open Babel's MSI parser allows for an uninitialized pointer dereference when processing a specially crafted MSI input file, affecting versions prior to 3.2.0 and potentially leading to application instability or denial of service when a victim opens a malicious file.</description><content:encoded><![CDATA[<p>A memory-safety vulnerability, identified as CVE-2022-44451, has been discovered in Open Babel, a widely used C++ library and command-line interface for chemistry file format manipulation. Reported by Cisco TALOS, this flaw exists within Open Babel's MSI atom parser, leading to an uninitialized pointer dereference when processing a specially crafted input file. This vulnerability affects all Open Babel versions up to and including 3.1.1. Attackers could exploit this by convincing a victim to open a malicious MSI file using the <code>obabel</code> CLI tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This could lead to application instability, crashes, or denial of service on systems that parse untrusted chemical file formats, impacting scientific computing environments and services embedding the library.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MSI (Molecular Structure Input) file specifically designed to trigger the uninitialized pointer dereference vulnerability (CVE-2022-44451) within Open Babel's parser.</li>
<li>The attacker delivers this malicious MSI file to a target system or user, potentially through phishing emails, malicious websites, or embedding it within a seemingly legitimate data set.</li>
<li>The victim opens or attempts to process the malicious MSI file using the <code>obabel</code> command-line tool, an application leveraging the <code>OBConversion</code> API, or any of Open Babel's language bindings (e.g., Python, Ruby).</li>
<li>Open Babel's internal MSI parser begins to process the malformed record within the crafted input file.</li>
<li>During atom handling, the parser attempts to dereference an atom pointer that has not been properly initialized, triggering the memory-safety flaw.</li>
<li>This uninitialized pointer dereference causes the Open Babel application or the service embedding it to crash or become unstable.</li>
<li>The final objective is application denial of service or potential arbitrary code execution, impacting the availability and integrity of the affected system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability primarily results in application instability or denial of service, as the affected Open Babel process crashes when attempting to parse a malicious MSI file. Given Open Babel's role as a core library and CLI tool shipped by various Linux distributions and embedded in services that process chemical file formats, a successful attack could disrupt scientific computing workflows, research data processing, or any service relying on Open Babel for untrusted input parsing. While no specific victim counts are available, the broad usage of Open Babel implies a significant potential attack surface across academic, research, and industrial sectors utilizing computational chemistry.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update Open Babel installations to version 3.2.0 or newer to mitigate CVE-2022-44451, as indicated by the <code>Patched version</code> details.</li>
<li>Implement robust input validation and sanitization for all MSI files processed by applications leveraging Open Babel, especially when dealing with untrusted sources, to prevent malformed records from reaching the vulnerable parser.</li>
<li>Monitor for unexpected crashes or abnormal termination of the <code>obabel</code> CLI tool or any applications using the <code>OBConversion</code> API when processing MSI files, as this could indicate an attempted exploitation of CVE-2022-44451.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>chemistry</category><category>vulnerability</category><category>memory-safety</category><category>open-babel</category><category>cve</category></item></channel></rss>