{"id":"CVE-2026-2705","summary":"Open Babel MOL2 File atom.h SetFormalCharge out-of-bounds","details":"A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.","modified":"2026-06-18T19:53:41.592078Z","published":"2026-02-19T05:02:07.101Z","related":["openSUSE-SU-2026:10936-1"],"database_specific":{"cwe_ids":["CWE-119","CWE-125"],"cna_assigner":"VulDB","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2705.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2705.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2705"},{"type":"ADVISORY","url":"https://vuldb.com/?id.346651"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.754379"},{"type":"REPORT","url":"https://github.com/openbabel/openbabel/issues/2848"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.346651"},{"type":"FIX","url":"https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a"},{"type":"FIX","url":"https://github.com/openbabel/openbabel/pull/2862"},{"type":"EVIDENCE","url":"https://github.com/oneafter/0128/blob/main/ob2/repro.mol2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vedantmadane/openbabel","events":[{"introduced":"0"},{"fixed":"e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.1.1"}],"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:*"}}],"versions":["openbabel-3-1-0","openbabel-3-1-1","openbabel-3-0-0","openbabel-3-0-0a2","openbabel-3-0-0a1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2026-2705-01bc6dd8","target":{"file":"src/formats/mol2format.cpp","function":"MOL2Format::ReadMolecule"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Function","deprecated":false,"digest":{"function_hash":"30010962304116138080607436319469699538","length":8741},"signature_version":"v1"},{"id":"CVE-2026-2705-0f76489d","target":{"file":"src/formats/xml/cdxmlformat.cpp"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["217684272962877016414138833642465327871","281597259995795846860484565484922236444","67944802873645976870685274386029446693","284286721701357702013437237273380090033","242538309816058351042879703787182903972"]},"signature_version":"v1"},{"id":"CVE-2026-2705-33bca003","target":{"file":"src/math/transform3d.cpp","function":"transform3d::DescribeAsString"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Function","deprecated":false,"digest":{"function_hash":"119405193706058877749533351361322555021","length":1251},"signature_version":"v1"},{"id":"CVE-2026-2705-a7c7b4f1","target":{"file":"src/formats/mol2format.cpp"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["74714072063425806463116978712476486227","26720173946644870887389989496423085704","17720890902694951893861370958398576869","241071117686927028701713811667404671016","310400835440742988261621149033241726729","223347280846511975360235714746911352592","113071542473268934638868109943538653392"]},"signature_version":"v1"},{"id":"CVE-2026-2705-b63644bb","target":{"file":"src/math/transform3d.cpp"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["126791517391950924350933049496851609362","273447677231502680745093624288136141499","122020157048298215120106090724374946668","106789864566273743879341108317849902974","40275149034654090481755797826856792854"]},"signature_version":"v1"},{"id":"CVE-2026-2705-f94e2ea9","target":{"file":"src/formats/xml/cdxmlformat.cpp","function":"ChemDrawXMLFormat::EndElement"},"source":"https://github.com/vedantmadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a","signature_type":"Function","deprecated":false,"digest":{"function_hash":"76514931888117891657624299142639965215","length":650},"signature_version":"v1"}],"vanir_signatures_modified":"2026-06-18T19:53:41Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-2705.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}]}