CVE-2022-46290

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 and master commit 530dbfa3

Description The issue is related to out-of-bounds write vulnerabilities in the ORCA format nAtoms functionality. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. The loop that stores the coordinates does not check its index against nAtoms, which can be exploited.

Recommendations For Open Babel version 3.1.1, consider disabling the functionality related to the ORCA format nAtoms until a patch is available. For Open Babel master commit 530dbfa3, restrict the use of the nAtoms functionality to minimize the risk of exploitation. Avoid using malicious files that can trigger this issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.