CNNVD-202508-2057 Information
CNNVD ID
CNNVD-202508-2057
Related CVE
- CNNVD Published: 2025-08-18
Description (Chinese)
Ashlar-Vellum Xenon等都是Ashlar-Vellum公司的产品。Ashlar-Vellum Xenon是一款 CAD 建模软件。Ashlar-Vellum Cobalt是一种基于参数的计算机辅助设计和 3D 建模程序。Ashlar-Vellum Argon是一款2D制图和3D建模软件。 Ashlar-Vellum多款产品存在缓冲区错误漏洞,该漏洞源于解析CO文件时缺少用户输入验证,可能导致越界写入和执行任意代码。以下产品及版本受到影响:Cobalt、Xenon、Argon、Lithium和Cobalt Share 12.6.1204.204之前版本。
Description (English)
Ashlar-Vellem Xenon and others are the products of Ashlar-Vellum. Ashlar-Vellam Xenon is a CAD modeling software. Ashlar-Vellam Cobalt is a parameter-based computer-aided design and 3D modelling program. Ashlar-Vellum Argon is a 2D mapping and 3D modelling software. There is a buffer zone error loophole in the Ashlar-Vellum multi-products, which stems from the lack of user input validation when deconstructing CO files, which could lead to cross-border writing and enforcement of arbitrary codes. The following products and versions were affected: Cobalt, Xenon, Argon, Lithium and Cobalt Share 12.6.12204.204.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
Ashlar-Vellum
Published
2025-08-18
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 https://nvd.nist.gov/vuln/detail/CVE-2025-53705
Patch
https://download.ashlar.com/v12/index.html
Share on: