CVE-2023-21618: ZDI-CAN-20963: Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability
First published: Thu Jun 15 2023(Updated: )
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign | <=12.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-21618?
CVE-2023-21618 has a critical severity level due to its ability to result in arbitrary code execution.
How do I fix CVE-2023-21618?
To mitigate CVE-2023-21618, update Adobe Substance 3D Designer to version 12.4.2 or later.
What versions of Adobe Substance 3D Designer are affected by CVE-2023-21618?
Adobe Substance 3D Designer versions up to and including 12.4.1 are affected by CVE-2023-21618.
What type of vulnerability is CVE-2023-21618?
CVE-2023-21618 is classified as an Access of Uninitialized Pointer vulnerability.
What is required for the exploitation of CVE-2023-21618?
Exploitation of CVE-2023-21618 requires user interaction, specifically that the victim must open a specially crafted file.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe indesign
- version/adobe indesign/12.4.1