CVE-2023-26351: ZDI-CAN-19507: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Mar 28 2023(Updated: )
Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Dimension | <3.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-26351?
CVE-2023-26351 is a vulnerability in Adobe Dimension versions 3.4.7 (and earlier) that allows an attacker to disclose sensitive memory by leveraging an out-of-bounds read vulnerability.
How severe is CVE-2023-26351?
CVE-2023-26351 has a severity score of 5.5, which is classified as medium.
What software versions are affected by CVE-2023-26351?
Adobe Dimension versions 3.4.7 and earlier are affected by CVE-2023-26351.
How can an attacker exploit CVE-2023-26351?
An attacker can exploit CVE-2023-26351 by leveraging the out-of-bounds read vulnerability to disclose sensitive memory. User interaction is required to exploit this vulnerability.
Where can I find more information about CVE-2023-26351?
You can find more information about CVE-2023-26351 on the Adobe Dimension security advisory page: https://helpx.adobe.com/security/products/dimension/apsb23-20.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/title
- agent/tags
- agent/remedy
- agent/event
- agent/first-publish-date
- agent/description
- vendor/adobe
- canonical/adobe dimension