CNNVD-202508-2054 Information
CNNVD ID
CNNVD-202508-2054
Related CVE
- CNNVD Published: 2025-08-18
Description (Chinese)
Ashlar-Vellum Xenon等都是Ashlar-Vellum公司的产品。Ashlar-Vellum Xenon是一款 CAD 建模软件。Ashlar-Vellum Cobalt是一种基于参数的计算机辅助设计和 3D 建模程序。Ashlar-Vellum Argon是一款2D制图和3D建模软件。 Ashlar-Vellum多款产品存在缓冲区错误漏洞,该漏洞源于解析AR文件时缺少用户输入验证,可能导致越界读取和执行任意代码。以下产品及版本受到影响:Cobalt、Xenon、Argon、Lithium和Cobalt Share 12.6.1204.204之前版本。
Description (English)
Ashlar-Vellem Xenon and others are the products of Ashlar-Vellum. Ashlar-Vellam Xenon is a CAD modeling software. Ashlar-Vellam Cobalt is a parameter-based computer-aided design and 3D modelling program. Ashlar-Vellum Argon is a 2D mapping and 3D modelling software. There is a buffer zone error loophole in many of the Ashlar-Vellum products, which stems from the lack of user input validation when the AR files are analysed, which may lead to cross-border reading and enforcement of any code. The following products and versions were affected: Cobalt, Xenon, Argon, Lithium and Cobalt Share 12.6.12204.204.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
Ashlar-Vellum
Published
2025-08-18
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 https://nvd.nist.gov/vuln/detail/CVE-2025-41392
Patch
https://download.ashlar.com/v12/index.html
Share on: