PT-2023-6136 · Unknown+1 · Open Babel+1
Claudio Bozzato · Published 2023-07-21 · Updated 2023-07-27 · CVE-2022-46289
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open Babel versions 3.1.1 and prior
Description
The vulnerability is in the nAtoms functionality of the ORCA format in Open Babel and results in an out-of-bounds write in memory. A remote attacker can trigger it with a specially crafted file, potentially leading to arbitrary code execution. The nAtoms calculation can wrap around, resulting in a small buffer allocation.
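The wrap-around described above, as an added C example that is not Open Babel's code: a size computed from a file-supplied atom count wraps in 32-bit arithmetic, and a checked variant rejects the count before allocating. The function names, the three-doubles-per-atom layout and the 64 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define COORDS_PER_ATOM 3u                    /* assumption: x, y, z per atom */
#define MAX_COORD_BYTES (64u * 1024u * 1024u) /* assumption: 64 MiB policy cap */

/* Unchecked pattern: the product is computed in 32 bits and wraps silently,
 * so a huge atom count can yield a tiny allocation size. */
static uint32_t buffer_bytes_unchecked(uint32_t n_atoms)
{
    return n_atoms * COORDS_PER_ATOM * (uint32_t)sizeof(double);
}

/* Checked pattern: divide the limit instead of multiplying the input, so the
 * comparison itself cannot overflow. Returns 0 on success, -1 on rejection. */
static int buffer_bytes_checked(uint32_t n_atoms, size_t max_bytes, size_t *out)
{
    const size_t per_atom = COORDS_PER_ATOM * sizeof(double);
    if (n_atoms == 0 || n_atoms > max_bytes / per_atom)
        return -1;
    *out = (size_t)n_atoms * per_atom;
    return 0;
}

/* Allocate only when the validated size is within the cap. */
static double *alloc_coords(uint32_t n_atoms)
{
    size_t bytes;
    if (buffer_bytes_checked(n_atoms, MAX_COORD_BYTES, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t crafted = 178956971u; /* constructed value: 24 * n == 2^32 + 8 */
    double *p = alloc_coords(crafted);

    printf("unchecked size for %u atoms: %u bytes\n",
           crafted, buffer_bytes_unchecked(crafted));
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

A parser that later writes one entry per atom into a buffer sized by the unchecked result would write past its end, which is the out-of-bounds write the description refers to.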
Recommendations
For Open Babel version 3.1.1, consider disabling the nAtoms functionality in the ORCA format until a patch is available.
For versions prior to 3.1.1, restrict the use of the ORCA format to minimize the risk of exploitation.
As a temporary workaround, avoid using the nAtoms functionality with untrusted or malicious files until the issue is resolved.
Exploit
Fix
Memory Corruption
Heap Based Buffer Overflow
Affected Products
Debian
Open Babel