CNNVD-202509-2639 Information

CNNVD ID

CNNVD-202509-2639

Related CVE

CVE-2025-7997

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Cobalt是Ashlar-Vellum公司的一种基于参数的计算机辅助设计和 3D 建模程序。 Ashlar-Vellum Cobalt存在缓冲区错误漏洞，该漏洞源于XE文件解析过程中缺乏对用户提供数据的适当验证，可能导致越界读取和执行任意代码。

Description (English)

Ashlar-Vellam Cobalt is an argument-based computer-aided design and 3D modelling program for Ashlar-Vellum. Ashlar-Vellam Cobalt had a buffer zone error loophole, which stemmed from the lack of proper validation of data provided by users during the XE document process, which could lead to cross-border reading and enforcement of arbitrary codes.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-719/