First published: Fri Nov 17 2023(Updated: )
Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|Affected Software||Affected Version||How to fix|
The vulnerability ID for this Adobe Dimension vulnerability is CVE-2023-44326.
The title of this Adobe Dimension vulnerability is ZDI-CAN-21866: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
The severity level of CVE-2023-44326 is medium, with a severity value of 5.5.
The vulnerability in Adobe Dimension allows disclosure of sensitive memory through an out-of-bounds read vulnerability.
No, Apple macOS is not affected by this Adobe Dimension vulnerability.
No, Microsoft Windows is not affected by this Adobe Dimension vulnerability.
An attacker can exploit CVE-2023-44326 by leveraging the out-of-bounds read vulnerability, requiring user interaction in the form of a victim opening a specially crafted GLTF file.
Yes, Adobe has released a security update to address this vulnerability. Please refer to the Adobe security bulletin for more information.
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-125.