SB2023072420 - Multiple vulnerabilities in Open Babel
Published: July 24, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 vulnerabilities.
1) Access of Uninitialized Pointer (CVE-ID: CVE-2022-44451)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to use of uninitialized pointer in the MSI format atom functionality. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2022-46289)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nAtoms wrap-around. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2022-46290)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the nAtoms unrestricted loop. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
4) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42885)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to use of uninitialized pointer in the GRO format res functionality. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.
5) Out-of-bounds write (CVE-ID: CVE-2022-46292)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the translationVectors parsing functionality within the MOPAC file format. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
6) Out-of-bounds write (CVE-ID: CVE-2022-46293)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the translationVectors parsing functionality within the MOPAC file format. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds write (CVE-ID: CVE-2022-46291)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the translationVectors parsing functionality within the msi file format. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
8) Out-of-bounds write (CVE-ID: CVE-2022-46294)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the translationVectors parsing functionality within the MOPACCART file format. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
9) Out-of-bounds write (CVE-ID: CVE-2022-46295)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the translationVectors parsing functionality within the Gaussian file format. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
10) Out-of-bounds write (CVE-ID: CVE-2022-43467)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the PQS format coord_file functionality. A remote attacker can use a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
11) Access of Uninitialized Pointer (CVE-ID: CVE-2022-46280)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to use of uninitialized pointer in the PQS format pFormat functionality. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.
12) Out-of-bounds write (CVE-ID: CVE-2022-43607)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the MOL2 format attribute and value functionality. A remote attacker can use a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
13) Out-of-bounds write (CVE-ID: CVE-2022-41793)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the CSR format title functionality. A remote attacker can use a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
14) Out-of-bounds write (CVE-ID: CVE-2022-37331)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Gaussian format orientation functionality. A remote attacker can use a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672