{"vulnerability": "CVE-2022-46292", "sightings": [{"uuid": "112fd7cd-5356-4e6b-8a49-d164e0adb983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46292", "type": "seen", "source": "https://gist.github.com/alon710/5f5755a051ba9eb72ca8e6e99a859028", "content": "# CVE-2022-46292: CVE-2022-46292: Heap-Based Out-of-Bounds Write in Open Babel MOPAC Parser\n\n&gt; **CVSS Score:** 9.8\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2022-46292\n\n## Summary\nA critical heap-based out-of-bounds write vulnerability exists in Open Babel 3.1.1 and master commit 530dbfa3 within the parsing of Translation Vectors in the MOPAC output file format parser. By supplying a crafted MOPAC file containing more than three translation vector entries under the Unit Cell Translation block, an attacker can corrupt heap memory. This vulnerability can lead to arbitrary code execution or denial of service.\n\n## TL;DR\nAn out-of-bounds write vulnerability in Open Babel's MOPAC output parser allows remote attackers to execute arbitrary code or cause a crash via a malformed file with excessive translation vectors.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-787 / CWE-119\n- **Attack Vector**: Network / Local\n- **CVSS v3.1 Score**: 9.8 (NVD) / 7.8 (OSV)\n- **EPSS Score**: 0.00816 (Percentile: 52.66%)\n- **Impact**: Arbitrary Code Execution / Denial of Service\n- **Exploit Status**: Proof-of-Concept Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Open Babel\n- **Open Babel**: &lt;= 3.1.1 (Fixed in: `Commit 40e852138f21d586b7ccdce6329e7b23a87168bb`)\n\n## Mitigation\n\n- Upgrade Open Babel to a version containing the official patch (commit 40e852138f21d586b7ccdce6329e7b23a87168bb or later).\n- Deploy input validation filters (YARA rules) on ingress endpoints to drop malformed MOPAC files.\n- Isolate the file conversion processes using low-privilege execution sandboxes and containers.\n\n**Remediation Steps:**\n1. Identify all installations of Open Babel 3.1.1 or code matching commit 530dbfa3 in the environment.\n2. Apply commit 40e852138f21d586b7ccdce6329e7b23a87168bb to the source code or upgrade to the patched version.\n3. Recompile the binaries with modern mitigation features such as ASLR, DEP, and stack canaries.\n4. Verify the patch by running the regression test suite with the provided Proof of Concept file.\n\n## References\n\n- [Cisco Talos Vulnerability Report (TALOS-2022-1666)](https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1666)\n- [Open Babel Git Repository](https://github.com/openbabel/openbabel)\n- [CVE.org Official Entry](https://www.cve.org/CVERecord?id=CVE-2022-46292)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2022-46292) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T17:12:16.323238Z"}]}