CVE-2023-34305

🗓️ 03 May 2024 01:57:27Reported by zdiType

Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2023-34305	3 May 202402:15	–	attackerkb
CNNVD	Ashlar Vellum Cobalt 安全漏洞	3 May 202400:00	–	cnnvd
Cvelist	CVE-2023-34305 Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability	3 May 202401:57	–	cvelist
EUVD	EUVD-2023-38386	3 Oct 202520:07	–	euvd
NVD	CVE-2023-34305	3 May 202402:15	–	nvd
OSV	CVE-2023-34305	3 May 202402:15	–	osv
Positive Technologies	PT-2023-24801 · Ashlar Vellum · Ashlar-Vellum Cobalt	15 Jun 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-34305 Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability	3 May 202401:57	–	vulnrichment
Zero Day Initiative	(0Day) Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability	15 Jun 202300:00	–	zdi

NVD

Vulners

Node

ashlar cobaltMatch12.0.1204.49

[
  {
    "vendor": "Ashlar-Vellum",
    "product": "Cobalt",
    "versions": [
      {
        "version": "Ashlar-Vellum Cobalt 12 beta build 1204.49",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-865/

08 Aug 2025 15:02Current

7.3High risk

Vulners AI Score7.3

CVSS 37

EPSS0.00804

SSVC

CWE-787