CVE-2022-41793

Name: CVE-2022-41793
Description: An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1059277

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release       Version         Status
openbabel (PTS)   bullseye      3.1.1+dfsg-6    vulnerable
                  bookworm      3.1.1+dfsg-9    vulnerable
                  sid, trixie   3.1.1+dfsg-11   vulnerable

The information below is based on the following data on fixed versions.

Package     Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
openbabel   source   (unstable)   (unfixed)                          1059277

Notes

[bookworm] - openbabel <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - openbabel <no-dsa> (Minor issue)
[buster] - openbabel <postponed> (Minor issue, no upstream patch yet)
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
https://github.com/openbabel/openbabel/issues/2650