CVE-2023-40222 HIGH

CVE-2023-40222: Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Heap-based Buffer Overflow

Vendor Ashlar-Vellum
Product Cobalt
Weakness CWE-122
Published February 4, 2025
Last update February 5, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
February 5, 2025 Record updated