CVE-2025-7998: CWE-787: Out-of-bounds Write in Ashlar-Vellum Cobalt
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26046.
CVE-2025-7998: CWE-787: Out-of-bounds Write in Ashlar-Vellum Cobalt
Description
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26046.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2025-07-21T19:50:25.528Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 68cb20eac138e352740b9f97
Added to database: 9/17/2025, 8:58:18 PM
Last updated: 9/17/2025, 8:58:18 PM
Views: 1
Related Threats
CVE-2025-8006: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8005: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt
HighCVE-2025-8004: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8003: CWE-125: Out-of-bounds Read in Ashlar-Vellum Cobalt
HighCVE-2025-8002: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in Ashlar-Vellum Cobalt
HighActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.