24 matches found
CVE-2022-42885
CVE-2022-42885 affects Open Babel, specifically the GRO format res functionality in Open Babel 3.1.1 and the master commit 530dbfa3. The root cause is an uninitialized pointer, and processing a specially crafted malformed file can lead to arbitrary code execution. The vulnerability is triggered b...
CVE-2022-46295
CVE-2022-46295 affects Open Babel 3.1.1 and the master commit 530dbfa3, where the translationVectors parsing has multiple out-of-bounds write vulnerabilities in several supported formats. A specially crafted malformed file can lead to arbitrary code execution, and this vulnerability specifically ...
CVE-2022-43467
CVE-2022-43467 affects Open Babel 3.1.1 and the master commit 530dbfa3, with an out-of-bounds write in the PQS format coord_file functionality. A specially crafted malformed file can lead to arbitrary code execution. The vulnerability details are tied to Open Babel; Talos references indicate mult...
CVE-2022-46294
Open Babel 3.1.1 and the related master commit 530dbfa3 contain multiple out-of-bounds write vulnerabilities in the translationVectors parsing functionality across multiple supported formats. A specially crafted malformed file can trigger arbitrary code execution, with the MOPAC Cartesian file fo...
CVE-2022-43607
CVE-2022-43607 describes an out-of-bounds write in the MOL2 format attribute/value handling of Open Babel 3.1.1 and the master commit 530dbfa3. The vulnerability can be triggered by a specially crafted MOL2 file, potentially leading to arbitrary code execution on a system that processes the file....
CVE-2022-46280
Open Babel 3.1.1 (and the master commit 530dbfa3) is affected by CVE-2022-46280 due to a use of uninitialized pointer in the PQS format pFormat functionality. A specially crafted malformed file can lead to arbitrary code execution. Attacker-controlled input is required to trigger the issue; explo...
CVE-2022-46291
Open Babel 3.1.1 and the master commit 530dbfa3 are affected by multiple out-of-bounds write vulnerabilities in the translationVectors parsing logic across several formats (notably MSI). The vulnerable code paths read lines, tokenize, and increment an index into translationVectors without proper ...
CVE-2022-44451
CVE-2022-44451 affects Open Babel 3.1.1 and the master branch (commit 530dbfa3). The issue is a use of an uninitialized pointer in the MSI format atom functionality, which an attacker can trigger by supplying a specially crafted malformed file to achieve arbitrary code execution. Public reference...
CVE-2022-46290
CVE-2022-46290 affects Open Babel (ORCA format nAtoms) with multiple out-of-bounds write vulnerabilities in Open Babel 3.1.1 and the master branch commit 530dbfa3. A specially crafted malformed file can trigger an arbitrary code execution; the vulnerability arises because the loop that stores coo...
CVE-2022-46292
The CVE affects Open Babel 3.1.1 and the master commit 530dbfa3, where multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing for several formats. A specially crafted file can trigger arbitrary code execution, specifically affecting the MOPAC file format inside the U...
CVE-2022-41793
CVE-2022-41793 describes an out-of-bounds write in the CSR format title handling of Open Babel 3.1.1 and the master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. The affected component is Open Babel; impact is arbitrary code execution with a crafted fil...
CVE-2022-46289
CVE-2022-46289 affects Open Babel 3.1.1 (and master commit 530dbfa3) with multiple out-of-bounds write vulnerabilities in the ORCA format nAtoms functionality. A specially crafted malformed file can trigger arbitrary code execution. Documented impact includes potential for code execution and buff...
CVE-2022-37331
Open Babel 3.1.1 and the master commit 530dbfa3 contain an out-of-bounds write vulnerability in the Gaussian format orientation functionality. A specially crafted file can lead to arbitrary code execution. Documented impact includes HIGH severity with CVSSv3.1 base scores of 7.8 (LOCAL attack, us...
CVE-2022-46293
CVE-2022-46293 concerns multiple out-of-bounds write vulnerabilities in Open Babel’s translationVectors parsing for formats including the MOPAC file format (Final Point and Derivatives). Affected software is Open Babel 3.1.1 and the repository master commit 530dbfa3 . The issue can be triggered b...
CVE-2025-10999
Open Babel up to 3.1.1 is affected by CVE-2025-10999 in the CacaoFormat::SetHilderbrandt function (src/formats/cacaoformat.cpp). The vulnerability is a null pointer dereference triggered by manipulated input and requires local access. Exploitation details have been publicized, and multiple source...
CVE-2026-2705
Summary: CVE-2026-2705 affects Open Babel up to 3.1.1. The vulnerable element is OBAtom::SetFormalCharge in include/openbabel/atom.h within the MOL2 File Handler. This manipulation can cause an out-of-bounds read and, per sources, can be exploited remotely; the exploit is public and may be used. ...
CVE-2025-11000
Open Babel up to 3.1.1 is affected by a vulnerability in PQSFormat::ReadMolecule (/src/formats/PQSformat.cpp) that can trigger a NULL pointer dereference. The attack is local, with exploitation information publicly disclosed. Affected products are Open Babel versions up to 3.1.1; remediation deta...
CVE-2026-3408
Open Babel versions up to 3.1.1 are affected in the CDXML File Handler, specifically OBAtom::GetExplicitValence in isrc/atom.cpp, where input manipulation can trigger a null pointer dereference. The issue can be exploited remotely and a public exploit is available. A patch identified as e23a224b8...
CVE-2025-10994
CVE-2025-10994 affects Open Babel up to 3.1.1. The vulnerability is in GAMESSOutputFormat::ReadMolecule (gamessformat.cpp), where manipulated input leads to a use-after-free. The issue permits a local-host exploit, and public PoCs/exploit material have been released. Connected disclosures also re...
CVE-2025-10997
Open Babel up to 3.1.1 contains a vulnerability in the ChemKinFormat::CheckSpecies function (file src/formats/chemkinformat.cpp) that can trigger a heap-based buffer overflow via local manipulation. The CVE notes that the attack is local and the exploit has been published, with potential for expl...
CVE-2025-10996
Open Babel up to 3.1.1 is affected by a heap-based buffer overflow in OBSmilesParser::ParseSmiles (Smiles format parser) within /src/formats/smilesformat.cpp. The vulnerability can be triggered by manipulating input and requires local access; an exploit has been made public. Affected versions up ...
CVE-2025-10995
Open Babel up to 3.1.1 is affected by CVE-2025-10995 due to a vulnerability in zlib_stream::basic_unzip_streambuf::underflow (in /src/zipstreamimpl.h) that can cause memory corruption. The ROS/REDOS entries confirm multiple Open Babel components (including ChemKinFormat, CacaoFormat, and SMILES p...
CVE-2026-2704
Open Babel (up to 3.1.1) contains a vulnerability in CIF File Handler, specifically OpenBabel::transform3d::DescribeAsString in src/math/transform3d.cpp, causing an out-of-bounds read. The issue can be triggered remotely and has public exploit/public disclosure. A patch exists (identifier: e23a22...
CVE-2025-10998
Open Babel