Advisories for Pypi/Openbabel package

2026

Open Babel has an out-of-bounds read in CIF transform3d::DescribeAsString

Summary: A memory-safety vulnerability in Open Babel's CIF file format parser allowed an out-of-bounds read when reading a crafted input file.

Details: The flaw was in OpenBabel::transform3d::DescribeAsString. A malformed symmetry-operation string caused the parser to read past the end of its internal buffer while formatting the description.

Impact: Open Babel is a C++ library and CLI used to read and write chemistry file formats; it is shipped by Linux distributions …