15 matches found
CVE-2024-13050
CVE-2024-13050 affects Ashlar-Vellum Graphite. The root cause is a failure to validate the length of user-supplied data while parsing VC6 files, causing a heap-based buffer overflow that can lead to remote code execution. The vulnerability requires user interaction (the target must open a malicio...
CVE-2024-13051
Ashlar-Vellum Graphite is affected by a VC6 file parsing heap-based buffer overflow that can enable remote code execution. The flaw arises from insufficient validation of user-supplied data length before copying to a heap buffer, allowing an attacker to run code in the target process. Exploitatio...
CVE-2023-34308
Ashlar-Vellum Graphite is affected by CVE-2023-34308 due to an out-of-bounds write in VC6 file parsing. The flaw arises from insufficient validation of user-supplied data, which can cause a write past the end of an allocated buffer and permit remote code execution in the context of the current pr...
CVE-2023-34307
CVE-2023-34307 affects Ashlar-Vellum Graphite, specifically the VC6 file parser. The issue is an out-of-bounds write caused by insufficient validation of VC6 file data, leading to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file)...
CVE-2023-39427
CVE-2023-39427 affects Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77). The root cause is insufficient validation of user-supplied XE file data, causing an out-of-bounds write that could enable arbitrary code execution in the current process. Related sources ...
CVE-2023-34306
Ashlar-Vellum Graphite VC6 file parsing vulnerability enables stack-based buffer overflow leading to remote code execution. Root cause: improper validation of the length of user-supplied data prior to copying it to a stack-based buffer while parsing VC6 files. Attack requires user interaction (ta...
CVE-2023-39936
In Graphite v13.0.48, Ashlar-Vellum Graphite parsing VC6 files is vulnerable due to improper validation of user-supplied data, causing an out-of-bounds read that could allow arbitrary code execution in the process. The issue is documented across multiple sources (NVD/ICS-CISA), confirming the aff...
CVE-2025-7981
CVE-2025-7981 is associated with Ashlar-Vellum Graphite VC6 file parsing, where uninitialized memory during VC6 file parsing can enable remote code execution. The vulnerability allows code execution in the attacker’s context and requires user interaction (target must visit a crafted page or open ...
CVE-2025-7986
CVE-2025-7986 affects Ashlar-Vellum Graphite VC6. The issue is in VC6 file parsing where lack of validation causes an out-of-bounds write, enabling remote code execution. Exploitation requires user interaction (target must open a malicious page/file). ZDI- CAN-25755 is associated with the disclos...
CVE-2025-7978
Ashlar-Vellum Graphite VC6 File Parsing Uninitialized Variable Remote Code Execution (CVE-2025-7978) is caused by uninitialized memory during VC6 file parsing, allowing code execution in the current process. Exploitation requires user interaction (visiting a malicious page or opening a malicious ...
CVE-2025-7987
CVE-2025-7987 concerns Ashlar-Vellum Graphite VC6, where the VC6 file parsing path allows an out-of-bounds write, enabling remote code execution. The flaw stems from insufficient validation of user-supplied data during VC6 file parsing, which can cause a write past the end of an allocated buffer....
CVE-2025-7980
CVE-2025-7980 affects Ashlar-Vellum Graphite VC6. The vulnerability is in the parsing of VC6 files, caused by insufficient validation of user-supplied data, leading to an out-of-bounds write and remote code execution. Impact is high and requires user interaction (target must open a malicious page...
CVE-2025-7988
CVE-2025-7988 affects Ashlar-Vellum Graphite, specifically the VC6 file parser. The vulnerability is a parsing error causing a buffer overrun (out-of-bounds write) in VC6 file processing, leading to remote code execution . Exploitation requires user interaction (visiting a malicious page or openi...
CVE-2025-7983
CVE-2025-7983 affects Ashlar-Vellum Graphite and concerns a VC6 file parsing heap-based buffer overflow that enables remote code execution. The flaw stems from insufficient validation of the length of user-supplied data prior to copying it into a heap buffer, with exploitation requiring user inte...
CVE-2025-7979
CVE-2025-7979 affects Ashlar-Vellum Graphite VC6. The vulnerability is a stack-based buffer overflow in the VC6 file parsing component caused by insufficient validation of user-supplied data length prior to copying to a stack buffer. This enables remote code execution in the current process conte...