CVE-2022-46295: 
Linux Debian vulnerability analysis and mitigation

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability specifically affects the Gaussian file format (Talos Advisory).

The vulnerability exists in the Gaussian file format parsing functionality within Open Babel. The issue occurs in the translationVectors parsing where an out-of-bounds write vulnerability can be triggered when processing specially crafted files. The vulnerability has received a CVSS 3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) from NIST NVD, while Talos assessed it with a CVSS score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD Database).

The vulnerability can lead to arbitrary code execution on affected systems. When exploited, an attacker could execute malicious code by providing a specially crafted malformed file to the application (Talos Advisory).

As of the disclosure date, no official fix has been released by Open Babel. The vendor declined to release an update within the 90-day period as outlined in Cisco's vulnerability disclosure policy (Talos Blog).