CVE-2023-26344: ZDI-CAN-19467: Adobe Dimension USD File Access of Uninitialized Pointer Information Disclosure Vulnerability
First published: Tue Mar 28 2023(Updated: )
Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Dimension | <3.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of Adobe Dimension?
The vulnerability ID of Adobe Dimension is CVE-2023-26344.
What is the severity of CVE-2023-26344?
The severity of CVE-2023-26344 is medium with a severity value of 5.5.
What is affected by CVE-2023-26344?
Adobe Dimension versions 3.4.7 (and earlier) are affected by CVE-2023-26344.
What is the impact of CVE-2023-26344?
CVE-2023-26344 could lead to disclosure of sensitive memory and bypass mitigations such as ASLR.
How do I fix CVE-2023-26344?
Update to Adobe Dimension version 3.4.8 or later to fix CVE-2023-26344.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/adobe
- canonical/adobe dimension