CVE-2022-42885

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 and prior to the version that includes the fix for this issue

Description The issue is related to the use of an uninitialized pointer in the res function of Open Babel, which is used for converting chemical file formats. This can be exploited by a remote attacker using a specially crafted malformed file, potentially leading to arbitrary code execution. An attacker can trigger this issue by providing a malicious file.

Recommendations For Open Babel version 3.1.1, consider avoiding the use of the GRO format res functionality until a patch is available. As a temporary workaround, restrict the handling of malformed files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.