CVE-2022-46292

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 and prior

Description The issue is related to an out-of-bounds write vulnerability in the translationVectors parsing functionality of Open Babel, which can be exploited by a remote attacker using a specially crafted malformed file to achieve arbitrary code execution. This vulnerability affects the MOPAC file format, specifically inside the Unit Cell Translation section.

Recommendations For Open Babel version 3.1.1, consider disabling the translationVectors parsing functionality until a patch is available. Restrict access to the MOPAC file format, especially the Unit Cell Translation section, to minimize the risk of exploitation. Avoid using specially crafted malformed files that could trigger this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.