Volerion logoVolerion
Volerion logoVolerion

Ashlar-Vellum Cobalt Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Ashlar-Vellum Cobalt versions prior to v12 SP2 Build 1204.200, as well as in Cobalt Share, Xenon, Argon, and Lithium, all of which are also prior to v12 SP2 Build 1204.200. The issue arises from the application's improper validation of user-supplied data when parsing XE files, leading to an out-of-bounds write. This vulnerability could be exploited by an attacker to execute arbitrary code within the context of the current process.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current process.

Remediation

Users are advised to update to the latest version of Ashlar-Vellum Cobalt by installing v12 SP12 Alpha Build 1204.200, released on January 22, 2025. For Graphite, the latest version is v13.0.48. Additionally, only open files from trusted sources.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
4.4
remediation
7.9
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.