CNNVD-202508-2058 Information
CNNVD ID
CNNVD-202508-2058
Related CVE
- CNNVD Published: 2025-08-18
Description (Chinese)
Ashlar-Vellum Xenon等都是Ashlar-Vellum公司的产品。Ashlar-Vellum Xenon是一款 CAD 建模软件。Ashlar-Vellum Cobalt是一种基于参数的计算机辅助设计和 3D 建模程序。Ashlar-Vellum Argon是一款2D制图和3D建模软件。 Ashlar-Vellum多款产品存在安全漏洞,该漏洞源于解析VC6文件时缺少用户输入验证,可能导致堆缓冲区溢出和执行任意代码。以下产品及版本受到影响:Cobalt、Xenon、Argon、Lithium和Cobalt Share 12.6.1204.204之前版本。
Description (English)
Ashlar-Vellem Xenon and others are the products of Ashlar-Vellum. Ashlar-Vellam Xenon is a CAD modeling software. Ashlar-Vellam Cobalt is a parameter-based computer-aided design and 3D modelling program. Ashlar-Vellum Argon is a 2D mapping and 3D modelling software. There is a safety gap in the Ashlar-Vellam multi-products, which stems from the lack of user input validation for the analysis of VC6 documents, which could lead to the spilling out of the buffer zone and the implementation of any code. The following products and versions were affected: Cobalt, Xenon, Argon, Lithium and Cobalt Share 12.6.12204.204.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Ashlar-Vellum
Published
2025-08-18
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 https://nvd.nist.gov/vuln/detail/CVE-2025-46269
Patch
https://download.ashlar.com/v12/index.html
Share on: