CNNVD-202509-2648 Information

CNNVD ID

CNNVD-202509-2648

Related CVE

CVE-2025-7990

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Cobalt是Ashlar-Vellum公司的一种基于参数的计算机辅助设计和 3D 建模程序。 Ashlar-Vellum Cobalt存在缓冲区错误漏洞，该漏洞源于VC6文件解析过程中缺乏对用户提供数据的验证，可能导致越界写入和执行任意代码。

Description (English)

Ashlar-Vellam Cobalt is an argument-based computer-aided design and 3D modelling program for Ashlar-Vellum. Ashlar-Vellam Cobalt had a buffer zone error loophole, which stemmed from the lack of validation of data provided by users during the analysis of VC6 documents, which could lead to cross-border writing and implementation of arbitrary codes.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-638/