CNNVD-202509-2650 Information

CNNVD ID

CNNVD-202509-2650

Related CVE

CVE-2025-7988

• CNNVD Published: 2025-09-17

Description (Chinese)

Ashlar-Vellum Graphite是Ashlar-Vellum公司的一款 CAD 建模软件。 Ashlar-Vellum Graphite存在缓冲区错误漏洞，该漏洞源于解析VC6文件时缺乏对用户提供数据的验证，可能导致越界写入和执行任意代码。

Description (English)

Ashlar-Vellum Graham is a CAD modeling software for Ashlar-Vellum. Ashlar-Vellum Graham had a buffer zone error loophole, which stemmed from the lack of validation of data provided by users when the VC6 document was deciphered and could lead to cross-border writing and enforcement of arbitrary codes.

Hazard Level

Medium

Vulnerability Type

缓冲区错误

Affected Vendor

Ashlar-Vellum

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-644/