CVE-2024-13044

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 30, 2024

Updated: Jan 3, 2025

CWE ID 787

Summary

CVE-2024-13044 is a remote code execution vulnerability affecting Ashlar-Vellum Cobalt software. The flaw lies in the AR file parsing function, where insufficient validation of user-supplied data leads to an out-of-bounds write. This issue permits attackers to execute arbitrary code on affected installations. To exploit this vulnerability, the target must visit a malicious webpage or open a specially crafted file. The discovered flaw is similar to ZDI-CAN-24870.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

C O B A L T

Affected Vendors

Ashlar

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2CqAay
https://www.cve.org/CVERecord?id=CVE-2024-13044
https://nvd.nist.gov/vuln/detail/CVE-2024-13044

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners