CVE-2022-46291

9.8 CRITICAL

📋 TL;DR

CVE-2022-46291 is a critical out-of-bounds write vulnerability in Open Babel's MSI file format parser that allows arbitrary code execution when processing malicious files. This affects Open Babel 3.1.1 and development versions, potentially impacting any system using Open Babel for chemical file format conversion. Attackers can exploit this by providing specially crafted MSI files to vulnerable systems.

💻 Affected Systems

Products:
  • Open Babel
Versions: 3.1.1 and development versions including commit 530dbfa3
Operating Systems: All platforms running Open Babel
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability specifically in MSI file format parsing; other formats may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with remote code execution leading to complete data loss, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or remote code execution when users process untrusted MSI files through Open Babel.

🟢 If Mitigated

Denial of service or application crash if memory protections prevent code execution.

🌐 Internet-Facing: MEDIUM - Requires file upload/processing capability; not directly network exploitable.
🏢 Internal Only: HIGH - Internal users processing untrusted files could trigger exploitation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to process malicious file; Talos Intelligence has published technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Open Babel 3.1.2 or later

Vendor Advisory: https://github.com/openbabel/openbabel/security/advisories

Restart Required: Yes

Instructions:

1. Update Open Babel to version 3.1.2 or later.
2. Rebuild any applications using Open Babel libraries.
3. Restart services using Open Babel.

🔧 Temporary Workarounds

Disable MSI format support (platforms: all)

Remove or disable MSI file format parsing in the Open Babel configuration so that MSI format support is excluded.

Input validation (platforms: all)

Implement strict file validation before processing with Open Babel.

🧯 If You Can't Patch

  • Implement application sandboxing to limit Open Babel's system access
  • Use file type filtering to block MSI files from being processed by Open Babel
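
One way to apply the file type filtering above in a conversion pipeline that shells out to obabel. This is an added example, not code from Open Babel or from the advisory; the allowlist contents, the function names and the sample requests are assumptions constructed for illustration. It rejects MSI input by declared format and by file name (including a .gz suffix) and always passes an explicit input format, so the parser is never inferred from an attacker-controlled name.

```python
import os

# Assumption: the formats this pipeline actually needs. "msi" is absent on purpose.
ALLOWED_FORMATS = {"mol", "sdf", "pdb", "smi", "xyz"}
BLOCKED_FORMATS = {"msi"}        # parser affected by CVE-2022-46291
COMPRESSION_SUFFIXES = {"gz"}    # assumption: the build can read gzip-compressed input


class RejectedInput(ValueError):
    """Raised when a file must not be handed to Open Babel."""


def filename_format(path):
    """Return the format implied by the file name, looking through a .gz suffix."""
    parts = os.path.basename(path).lower().split(".")[1:]
    while parts and parts[-1] in COMPRESSION_SUFFIXES:
        parts.pop()
    return parts[-1] if parts else ""


def build_obabel_argv(in_path, in_format, out_format, out_path):
    """Validate a conversion request and return the argv to execute."""
    fmt, out_fmt = in_format.strip().lower(), out_format.strip().lower()
    implied = filename_format(in_path)
    if fmt in BLOCKED_FORMATS or implied in BLOCKED_FORMATS:
        raise RejectedInput(f"MSI input is blocked: {in_path!r}")
    if fmt not in ALLOWED_FORMATS or out_fmt not in ALLOWED_FORMATS:
        raise RejectedInput(f"format not on the allowlist: {fmt!r} -> {out_fmt!r}")
    # Explicit -i/-o: the parser is chosen here, never guessed from the file name.
    return ["obabel", f"-i{fmt}", in_path, f"-o{out_fmt}", "-O", out_path]


def triage(requests):
    """Split (path, declared_format) requests into accepted argv lists and rejections."""
    accepted, rejected = [], []
    for path, fmt in requests:
        try:
            accepted.append(build_obabel_argv(path, fmt, "sdf", path + ".out.sdf"))
        except RejectedInput as exc:
            rejected.append((path, str(exc)))
    return accepted, rejected
```

Pass the returned list to the process launcher as an argument vector rather than as a shell string, and log every rejection so blocked MSI submissions are visible to monitoring.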

🔍 How to Verify

Check if Vulnerable:

Check Open Babel version: 'obabel --version' or examine installed package version

Check Version:

obabel --version

Verify Fix Applied:

Confirm version is 3.1.2 or later and test with known safe MSI files

📡 Detection & Monitoring

Log Indicators:

  • Open Babel process crashes when parsing files
  • Unexpected child processes spawned from Open Babel

Network Indicators:

  • Unusual outbound connections from systems running Open Babel

SIEM Query:

Process:obabel AND (EventID:1000 OR ParentProcess:obabel)
