Out-of-bounds write vulnerabilities in popular chemistry software; Foxit PDF Reader issues could lead to remote code execution

Cisco Talos recently worked with two vendors to patch multiple vulnerabilities in a favored software library used in chemistry laboratories and the Foxit PDF Reader, one of the most popular PDF reader alternatives to Adobe Acrobat.

Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability to execute remote code on the targeted machine.

Seven of the vulnerabilities included in today's Vulnerability Roundup have a CVSS severity score of 9.8 out of a possible 10.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's website.

Multiple vulnerabilities in Open Babel software

Talos researchers recently discovered multiple vulnerabilities in Open Babel, an open-source software library used in a variety of chemistry and research settings.

Open Babel allows users to "search, convert, analyze, or store data from molecular modeling, chemistry, solid-state materials, biochemistry, or related areas," according to its website, and is used in other popular pieces of software in the science field. Therefore, there are cases where these vulnerabilities are accessible via the internet.

The vulnerabilities Talos disclosed to the operators of Open Babel can all be triggered by tricking a user into opening a specially crafted, malformed file. Depending on the platform and on how the code is compiled, these vulnerabilities could lead to arbitrary code execution:

• TALOS-2022-1664 (CVE-2022-43607)
• TALOS-2022-1665 (CVE-2022-46289, CVE-2022-46290)
• TALOS-2022-1666 (CVE-2022-46292, CVE-2022-46295, CVE-2022-46294, CVE-2022-46293, CVE-2022-46291)
• TALOS-2022-1667 (CVE-2022-41793)
• TALOS-2022-1668 (CVE-2022-42885)
• TALOS-2022-1669 (CVE-2022-44451)
• TALOS-2022-1670 (CVE-2022-46280)
• TALOS-2022-1671 (CVE-2022-43467)
• TALOS-2022-1672 (CVE-2022-37331)

Talos is disclosing these vulnerabilities despite no official fix from Open Babel. The vendor declined to release an update within the 90-day period as outlined in Cisco's vulnerability disclosure policy.

Several issues in Foxit PDF reader could lead to arbitrary code execution

Foxit PDF Reader is one of the most popular PDF readers on the market, offering many similar features to Adobe Acrobat. The software also includes a browser extension that allows users to read PDFs right in their web browsers.

Talos discovered multiple vulnerabilities in Foxit PDF Reader that could allow an adversary to execute , arbitrary code on the targeted machine. An attacker could exploit these issues by tricking a user into opening a specially crafted PDF document or, if the user has the browser extension enabled, by visiting a malicious web page:

• TALOS-2023-1739 (CVE-2023-28744)
• TALOS-2023-1756 (CVE-2023-27379)
• TALOS-2023-1757 (CVE-2023-33866)
• TALOS-2023-1795 (CVE-2023-32664)
• TALOS-2023-1796 (CVE-2023-33876)