Tecr0C

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within Soda PDF Desktop due to insufficient validation of user-supplied data. This can lead to a read past the end of an allocated object, potentially disclosing sensitive information. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger this issue. An attacker could potentially leverage this in combination with other issues to execute arbitrary code within the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within Soda PDF Desktop, stemming from insufficient validation of user-supplied data. This can lead to a read past the end of an allocated object, potentially disclosing sensitive information. User interaction is required, specifically the target must open a malicious file or visit a malicious page. An attacker could potentially leverage this issue, in combination with other flaws, to execute arbitrary code within the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within Soda PDF Desktop. The issue stems from insufficient validation of user-supplied data, potentially leading to a read past the end of an allocated object. An attacker could leverage this, potentially in combination with other issues, to disclose sensitive information. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A memory corruption issue exists in the PDF file parsing functionality of Soda PDF Desktop, potentially leading to information disclosure. The issue was discovered by Rocco Calvi (@TecR0c) of TecSecurity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soda PDF Desktop (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within Soda PDF Desktop, resulting from insufficient validation of user-supplied data. This can lead to a write past the end of an allocated buffer, potentially allowing a remote attacker to execute code in the context of the current process. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt XE (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of XE files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this issue, specifically, the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of LI files due to a lack of validation of object existence prior to operations being performed on the object. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** A type confusion flaw exists in the parsing of CO files within Ashlar-Vellum Cobalt. The lack of proper validation of user-supplied data can allow remote attackers to execute arbitrary code in the context of the current process. User interaction is required to exploit this issue, such as visiting a malicious page or opening a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt XE (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw resides within the parsing of XE files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of CO files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** Ashlar-Vellum Cobalt is susceptible to a type confusion vulnerability in its AR file parsing functionality. This issue can lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw resides within the parsing of AR files due to a lack of proper validation of user-supplied data, leading to a write past the end of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** A type confusion vulnerability exists due to improper validation of user-supplied data when parsing LI files. This can allow a remote attacker to execute arbitrary code in the context of the current process. User interaction is required; the target must visit a malicious page or open a malicious file to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt XE (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this issue, as the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of XE files due to a lack of proper validation of user-supplied data, resulting in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this flaw, as the target must visit a malicious page or open a malicious file. The vulnerability stems from insufficient validation of user-supplied data during the parsing of AR files, leading to a read past the end of an allocated data structure. An attacker can exploit this to execute code within the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** A type confusion vulnerability exists in the parsing of CO files within Ashlar-Vellum Cobalt. This flaw stems from insufficient validation of user-supplied data, potentially allowing remote attackers to execute arbitrary code. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt XE (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw resides within the parsing of XE files due to a lack of proper validation of user-supplied data, resulting in a read before the start of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this issue, as the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of CO files due to a lack of proper validation of user-supplied data, resulting in a write past the end of an allocated data structure. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashlar-Vellum Cobalt (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this issue, as the target must visit a malicious page or open a malicious file. The flaw resides within the parsing of CO files, resulting from insufficient validation of user-supplied data, leading to a memory corruption condition. An attacker can leverage this to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NI LabVIEW versions 2025 Q1 and prior **Description** A memory corruption issue exists due to improper input validation in the `lvpict.cpp` file. Successful exploitation requires a user to open a specially crafted VI, potentially leading to arbitrary code execution. **Recommendations** Update to a version of NI LabVIEW later than 2025 Q1.