CNNVD-202508-2059 Information
CNNVD ID
CNNVD-202508-2059
Related CVE
- CNNVD Published: 2025-08-18
Description (Chinese)
Ashlar-Vellum Xenon等都是Ashlar-Vellum公司的产品。Ashlar-Vellum Xenon是一款 CAD 建模软件。Ashlar-Vellum Cobalt是一种基于参数的计算机辅助设计和 3D 建模程序。Ashlar-Vellum Argon是一款2D制图和3D建模软件。 Ashlar-Vellum多款产品存在安全漏洞,该漏洞源于解析XE文件时缺少用户输入验证,可能导致堆缓冲区溢出和执行任意代码。以下产品及版本受到影响:Cobalt、Xenon、Argon、Lithium和Cobalt Share 12.6.1204.204之前版本。
Description (English)
Ashlar-Vellem Xenon and others are the products of Ashlar-Vellum. Ashlar-Vellam Xenon is a CAD modeling software. Ashlar-Vellam Cobalt is a parameter-based computer-aided design and 3D modelling program. Ashlar-Vellum Argon is a 2D mapping and 3D modelling software. There is a safety gap in the Ashlar-Vellum multi-products, which stems from the lack of user input validation for the analysis of XE files, which could lead to spills and the implementation of random codes in the buffer zone. The following products and versions were affected: Cobalt, Xenon, Argon, Lithium and Cobalt Share 12.6.12204.204.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Ashlar-Vellum
Published
2025-08-18
Last Modified
2026-02-24
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01 https://nvd.nist.gov/vuln/detail/CVE-2025-52584
Patch
https://download.ashlar.com/v12/index.html
Share on: