जमा करें #654057: Open Babel 3.1.1 / master commit 889c350 Use After Freeजानकारी

शीर्षकOpen Babel 3.1.1 / master commit 889c350 Use After Free
विवरणOpen Babel version 3.1.1 (and the latest development branch, commit 889c350) is vulnerable to a heap-use-after-free in the GAMESSOutputFormat::ReadMolecule function. When parsing crafted GAMESS output files, the parser calls OpenBabel::tokenize to split input lines into tokens and then converts one token into an integer using atoi. However, the token string buffer is freed when the token vector is cleared, leaving atoi/strtol with a dangling pointer. This results in a use-after-free and can lead to memory corruption and potential code execution if exploited with a malicious input file. The vulnerability is triggered during file conversion with the fuzz target fuzz_convert but affects the core library functions used in normal conversions as well.
स्रोत⚠️ https://github.com/openbabel/openbabel/issues/2834
उपयोगकर्ता ahuo (UID 90189)
सबमिशन14/09/2025 09:57 AM (10 महीनों पहले)
संयम25/09/2025 08:05 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि325922 [Open Babel तक 3.1.1 gamessformat.cpp ReadMolecule बफ़र ओवरफ़्लो]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!