CVE-2023-39943

Summary

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Ashlar-VellumCobalt0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumCobalt Share0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumXenon0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumArgon0 < v12 SP2 Build (1204.200)affected
Ashlar-VellumLithium0 < v12 SP2 Build (1204.200)affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References