CVE-2022-46280

HIGH EPSS 53.3%

Published Jul 21, 20232y ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Jul 21, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

53.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-824

Affected Products 1

Vendor	Product	Version	Range
openbabel	open_babel	3.1.1	any

References 2

talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670

ExploitThird Party AdvisoryVendor Advisory
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1670

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.