Description
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Ashlar-Vellum / Argon v12 SP0 Build (1204.77) – v12 SP0 Build (1204.77)
- Ashlar-Vellum / Cobalt v12 SP0 Build (1204.77) – v12 SP0 Build (1204.77)
- Ashlar-Vellum / Cobalt Share v12 SP0 Build (1204.77) – v12 SP0 Build (1204.77)
- Ashlar-Vellum / Lithium v12 SP0 Build (1204.77) – v12 SP0 Build (1204.77)
- Ashlar-Vellum / Xenon v12 SP0 Build (1204.77) – v12 SP0 Build (1204.77)