7.8
CVSSv3

CVE-2023-39943

CVSSv4: 8.4 | CVSSv3: 7.8 | CVSSv2: NA | VMScore: 940 | EPSS: 0.00043 | KEV: Not Included
Published: 04/02/2025 Updated: 04/02/2025

Vulnerability Summary

Out-of-Bounds Write Vulnerability in Ashlar-Vellum Cobalt XE File Parsing

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Solution

Ashlar-Vellum recommends users apply the following mitigations to help reduce risk:

* Install the latest version of Graphite https://download.ashlar.com/v13/gr.html .
* Update to the latest version for Cobalt, Xenon, Lithium, and Argon by installing v12 SP12 Alpha https://download.ashlar.com/v12/mod-history.html  Build (1204.200) (Jan 22, 2025).
* Only open files from trusted sources.
Vulnerable Product Search on Vulmon Subscribe to Product

ashlar-vellum cobalt

ashlar-vellum cobalt share

ashlar-vellum xenon

ashlar-vellum argon

ashlar-vellum lithium