7.8
CVSSv3

CVE-2023-40222

CVSSv4: 8.4 | CVSSv3: 7.8 | CVSSv2: NA | VMScore: 940 | EPSS: 0.00043 | KEV: Not Included
Published: 04/02/2025 Updated: 04/02/2025

Vulnerability Summary

Heap-Based Buffer Overflow in Ashlar-Vellum Cobalt Before v12 SP2 Build (1204.200)

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Solution

Ashlar-Vellum recommends users apply the following mitigations to help reduce risk:

* Install the latest version of Graphite https://download.ashlar.com/v13/gr.html .
* Update to the latest version for Cobalt, Xenon, Lithium, and Argon by installing v12 SP12 Alpha https://download.ashlar.com/v12/mod-history.html  Build (1204.200) (Jan 22, 2025).
* Only open files from trusted sources.
Vulnerable Product Search on Vulmon Subscribe to Product

ashlar-vellum cobalt

ashlar-vellum cobalt share

ashlar-vellum xenon

ashlar-vellum argon

ashlar-vellum lithium