CNNVD-202509-2633 Information

CNNVD ID

CNNVD-202509-2633

Related CVE

CVE-2025-8003

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Cobalt是Ashlar-Vellum公司的一种基于参数的计算机辅助设计和 3D 建模程序。 Ashlar-Vellum Cobalt存在缓冲区错误漏洞，该漏洞源于解析CO文件时缺乏对用户提供数据的适当验证，可能导致越界读取和执行任意代码。

Description (English)

Ashlar-Vellam Cobalt is an argument-based computer-aided design and 3D modelling program for Ashlar-Vellum. Ashlar-Vellam Cobalt has a buffer zone error loophole, which arises from the lack of proper validation of data provided by users when deconstructing CO documents, which may lead to cross-border reading and enforcement of arbitrary codes.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-720/