Volerion logoVolerion
Volerion logoVolerion

Ashlar-Vellum Cobalt Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Ashlar-Vellum Cobalt, as well as in the Cobalt Share application, both prior to version 12 SP2 Build 1204.200. This vulnerability arises from the application's improper validation of user-supplied data when parsing CO files, which could allow an attacker to execute arbitrary code within the context of the current process.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the current process.

Remediation

Users are advised to update to the latest version of Ashlar-Vellum Cobalt by installing v12 SP12 Alpha Build 1204.200, available on the Ashlar-Vellum website. For Graphite users, the latest version can be downloaded from the Graphite download page. CISA also recommends following general cybersecurity best practices to avoid social engineering attacks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
4.4
remediation
8.3
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.