Stack-based Buffer Overflow in Ashlar-Vellum Cobalt AR File Parsing
CVE-2024-13045

7.8HIGH

Key Information:

Vendor: Ashlar-Vellum
Status: Cobalt
Vendor: CVE Published:; 30 December 2024

🔔 Create Ashlar-Vellum Vulnerability Alert

What is CVE-2024-13045?

A stack-based buffer overflow vulnerability exists in the AR file parsing functionality of Ashlar-Vellum Cobalt. When a user interacts with a maliciously crafted AR file, it facilitates the execution of arbitrary code on the affected system. The core issue stems from inadequate validation of user-supplied data length before it is copied to a stack-based buffer, enabling potential attackers to exploit this flaw effectively. User action, such as visiting a compromised webpage or opening a specially designed file, is a prerequisite for the attack to succeed. This vulnerability raises significant concerns for users and organizations relying on Ashlar-Vellum Cobalt due to the potential for unauthorized remote code execution and system compromise.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1729/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2024