CVE-2022-46295

Publication date 21 July 2023

Last updated 26 February 2025

Ubuntu priority

Cvss 3 Severity Score

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openbabel	24.10 oracular	Vulnerable
	24.04 LTS noble	Vulnerable
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support

Notes

bruce

No patch available as of 2025-02-26 https://github.com/openbabel/openbabel/issues/2650 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059277

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H