| tiêu đề | Open Babel 3.1.1 / master commit 889c3501 Memory Corruption |
|---|
| Mô tả | Open Babel 3.1.1 (and the current master branch at commit 889c350) contains a vulnerability in the ZIP stream handling code (zipstreamimpl.h). When parsing certain compressed input files, the function zlib_stream::basic_unzip_streambuf<char>::underflow() invokes memcpy with overlapping source and destination buffers. Since memcpy is undefined for overlapping memory regions, this results in undefined behavior and can lead to memory corruption or a crash. A crafted input file can reliably trigger this condition, leading to denial-of-service and potentially opening the door for more severe memory corruption exploits. |
|---|
| Nguồn | ⚠️ https://github.com/openbabel/openbabel/issues/2832 |
|---|
| Người dùng | ahuo (UID 90189) |
|---|
| Đệ trình | 14/09/2025 10:01 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 25/09/2025 20:05 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 325923 [Open Babel đến 3.1.1 /src/zipstreamimpl.h underflow tràn bộ đệm] |
|---|
| điểm | 20 |
|---|