CNNVD-202509-2641 Information

CNNVD ID

CNNVD-202509-2641

Related CVE

CVE-2025-7996

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Cobalt是Ashlar-Vellum公司的一种基于参数的计算机辅助设计和 3D 建模程序。 Ashlar-Vellum Cobalt存在缓冲区错误漏洞，该漏洞源于解析AR文件时缺乏对用户提供数据的验证，可能导致越界写入，从而在当前进程环境中执行任意代码。

Description (English)

Ashlar-Vellam Cobalt is an argument-based computer-aided design and 3D modelling program for Ashlar-Vellum. Ashlar-Vellam Cobalt had a buffer zone error loophole, which stemmed from the lack of validation of data provided by users when the AR files were deciphered, and could lead to cross-border writing, thus enforcing arbitrary codes in the current process environment.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-716/