Open Babel
cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*
- 3.1.0
- 3.1.1
A memory corruption vulnerability has been identified in Open Babel versions through 3.1.1. The issue arises in the ZIP stream processing code, specifically within the 'zlib_stream::basic_unzip_streambuf::underflow' function in 'zipstreamimpl.h'. The function calls 'memcpy' with source and destination memory regions that overlap, which is undefined behavior and leads to program crashes and potential exploitation. The vulnerability requires local access to be exploited.
Exploitation of this vulnerability causes a program crash and triggers a memory corruption error, which can be leveraged for more severe exploitation.
The vulnerability can be reproduced by compiling Open Babel with the Clang compiler, using flags that enable AddressSanitizer and UndefinedBehaviorSanitizer. Running the fuzzer harness on the resulting binary with a crafted input file triggers the memory corruption: the program crashes, and AddressSanitizer reports the overlapping memory ranges that caused the error.
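As an added illustration (not Open Babel's code and not the patched function), the following C++ models the defect class the advisory describes: a stream buffer that slides retained bytes toward the front of its own storage. The buffer layout, the "keep a few bytes for putback" purpose and every function name here are assumptions; only the memcpy-on-overlapping-ranges defect and the memmove fix correspond to what the advisory states.

```cpp
// Added example: memcpy with overlapping ranges vs. the memmove fix.
// Constructed to mirror the advisory's defect class; not Open Babel code.
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// True when [dst, dst+n) and [src, src+n) share at least one byte.
// memcpy's contract forbids overlap; memmove is defined for it.
bool ranges_overlap(const void* dst, const void* src, std::size_t n) {
    const char* d = static_cast<const char*>(dst);
    const char* s = static_cast<const char*>(src);
    return n != 0 && d < s + n && s < d + n;
}

// The pattern the advisory describes: data is slid toward the front of the
// same buffer with memcpy. Whenever the shift distance `from` is smaller than
// `count`, the two ranges overlap and the call is undefined behaviour; an
// AddressSanitizer build reports it as memcpy-param-overlap. Kept only for
// comparison with the hardened version below; never call it with overlap.
void slide_to_front_unsafe(char* buf, std::size_t from, std::size_t count) {
    std::memcpy(buf, buf + from, count);
}

// Hardened form: memmove handles overlapping ranges correctly. The overlap
// predicate is not needed for correctness; it is returned so that a debug
// build can log or assert on the case memcpy would have mishandled.
bool slide_to_front(char* buf, std::size_t from, std::size_t count) {
    bool overlapped = ranges_overlap(buf, buf + from, count);
    std::memmove(buf, buf + from, count);
    return overlapped;
}

// Simplified refill step (assumed model of a streambuf's underflow): of the
// `consumed` bytes already read from `data`, keep the last `keep` at the
// front of the buffer so the caller can put them back, and return them.
std::string keep_putback(const std::string& data, std::size_t consumed, std::size_t keep) {
    if (consumed > data.size()) consumed = data.size();
    if (keep > consumed) keep = consumed;
    std::size_t start = consumed - keep;           // overlap whenever start < keep
    std::vector<char> buf(data.begin(), data.end());
    slide_to_front(buf.data(), start, keep);
    return std::string(buf.data(), keep);
}

int main() {
    // Constructed worked case: 8-byte buffer, 6 bytes consumed, keep 4.
    // Source [2,6) and destination [0,4) overlap by two bytes.
    char b[8] = {'A','B','C','D','E','F','G','H'};
    std::cout << "overlap for (from=2,count=4): "
              << (ranges_overlap(b, b + 2, 4) ? "yes" : "no") << '\n';
    std::cout << "putback bytes: " << keep_putback("ABCDEFGH", 6, 4) << '\n';  // CDEF
    return 0;
}
```

Building this with `clang++ -fsanitize=address,undefined -g` and exercising `slide_to_front_unsafe` on the overlapping case (from=2, count=4) produces the kind of sanitizer report the advisory refers to, while `slide_to_front` passes cleanly; the remediation for the real stream buffer is the same substitution of memmove for memcpy wherever the get area is shifted within one buffer.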