The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.

🗓️ 05 May 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Cobalt Ashlar-Vellum software has a buffer overread in CO file processing that enables arbitrary code execution.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-13046	30 Dec 202405:00	–	circl
CNNVD	Ashlar Vellum Cobalt 缓冲区错误漏洞	30 Dec 202400:00	–	cnnvd
CVE	CVE-2024-13046	30 Dec 202420:15	–	cve
Cvelist	CVE-2024-13046 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability	30 Dec 202420:15	–	cvelist
EUVD	EUVD-2024-51302	3 Oct 202520:07	–	euvd
NVD	CVE-2024-13046	30 Dec 202421:15	–	nvd
OSV	CVE-2024-13046	30 Dec 202421:15	–	osv
Positive Technologies	PT-2024-17903 · Ashlar Vellum · Ashlar-Vellum Cobalt	1 Aug 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-13046 Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability	30 Dec 202420:15	–	vulnrichment
Zero Day Initiative	(0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability	30 Dec 202400:00	–	zdi

Vulners

Node

ashlar cobaltMatch1204.90

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1730/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1730/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24867/

05 May 2025 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.2

CVSS 37.8

EPSS0.00296

buffer overread memory vulnerability cobalt ashlar vellum arbitrary code execution cobalt file processing