CVE-2023-39936

7.8 HIGH

📋 TL;DR

Ashlar-Vellum Graphite v13.0.48 has an out-of-bounds read vulnerability when parsing VC6 files due to improper input validation. This allows attackers to execute arbitrary code within the application's process context. Organizations using this specific version of the CAD software are affected.

💻 Affected Systems

Products:
  • Ashlar-Vellum Graphite
Versions: v13.0.48
Operating Systems: Windows (primary), potentially macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing VC6 files - any user who opens VC6 files is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Application crash (denial of service) or limited information disclosure from memory reads.

🟢 If Mitigated: Application crash with no data compromise if exploit attempts are blocked or fail.

🌐 Internet-Facing: LOW - This is specialized CAD software unlikely to be directly internet-facing.
🏢 Internal Only: MEDIUM - Risk exists if users open malicious VC6 files from untrusted sources internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious VC6 file). No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v13.0.49 or later (check vendor advisory)

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03

Restart Required: Yes

Instructions:

1. Download the latest version from Ashlar-Vellum.
2. Install the update.
3. Restart the system.
4. Verify the version is v13.0.49 or newer.

🔧 Temporary Workarounds

Block VC6 file execution (windows)

  Prevent opening of VC6 files via application settings or group policy.
  Command: Not applicable - configure in application settings.

Restrict file access (windows)

  Use file system permissions to limit who can open VC6 files.
  Command: icacls *.vc6 /deny Users:R
  Note: Requires administrative privileges.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Educate users to never open VC6 files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Graphite application - if version is exactly 13.0.48, system is vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 13.0.49 or newer in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs when opening VC6 files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Unusual outbound connections after opening VC6 files

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="Graphite.exe" AND FileExtension="vc6"

The parentheses are required: without them, AND binds tighter than OR in most query languages, so every EventID=1000 (Application Error) event from any process would match.
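The detection logic behind that query, as an added example that is not part of the advisory: it runs the intended filter over constructed Windows Application Error (1000) and Windows Error Reporting (1001) events and, for comparison, the filter as it evaluates without parentheses. The field names `event_id`, `process_name` and `file_extension` are assumptions about the SIEM schema, not fields named by the page.

```python
"""Graphite.exe crash-on-VC6 detection (added example, constructed data)."""
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class LogEvent:
    time: str                       # ISO timestamp (constructed)
    event_id: int                   # 1000 = Application Error, 1001 = WER
    process_name: str               # faulting application name
    file_extension: Optional[str]   # extension of the file being opened, if known


# Constructed sample events; the schema is an assumption, not the page's.
SAMPLE_EVENTS: List[LogEvent] = [
    LogEvent("2023-10-26T09:00:01", 1000, "Graphite.exe", ".vc6"),
    LogEvent("2023-10-26T09:00:02", 1001, "graphite.exe", "VC6"),
    LogEvent("2023-10-26T09:05:00", 1000, "notepad.exe", ".txt"),
    LogEvent("2023-10-26T09:07:00", 1000, "Graphite.exe", None),
    LogEvent("2023-10-26T09:09:00", 1001, "Graphite.exe", ".dxf"),
]


def _norm_ext(ext: Optional[str]) -> Optional[str]:
    """Normalise '.VC6' / 'vc6' / None to a comparable lowercase token."""
    return None if ext is None else ext.lower().lstrip(".")


def matches_intended(ev: LogEvent) -> bool:
    """(EventID=1000 OR EventID=1001) AND ProcessName="Graphite.exe" AND FileExtension="vc6"."""
    return (ev.event_id in (1000, 1001)
            and ev.process_name.lower() == "graphite.exe"
            and _norm_ext(ev.file_extension) == "vc6")


def matches_as_written(ev: LogEvent) -> bool:
    """The same query without parentheses, evaluated with AND binding tighter
    than OR: every Application Error (1000) event matches, whatever the process."""
    return ev.event_id == 1000 or (
        ev.event_id == 1001
        and ev.process_name.lower() == "graphite.exe"
        and _norm_ext(ev.file_extension) == "vc6")


def alerts(events: List[LogEvent], matcher: Callable[[LogEvent], bool]) -> List[LogEvent]:
    """Return the events the given matcher would raise as alerts."""
    return [ev for ev in events if matcher(ev)]


if __name__ == "__main__":
    print("intended:", len(alerts(SAMPLE_EVENTS, matches_intended)))     # 2
    print("as written:", len(alerts(SAMPLE_EVENTS, matches_as_written)))  # 4
```

On the sample data the intended filter raises two alerts (the two Graphite.exe events tied to a .vc6 file), while the unparenthesised form also fires on the notepad.exe crash and on the Graphite.exe crash with no file extension recorded.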
