CVE-2023-48636: Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability IV
First published: Wed Dec 13 2023(Updated: )
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign | <=13.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-48636?
CVE-2023-48636 has been classified as a critical vulnerability due to its potential to disclose sensitive information.
How do I fix CVE-2023-48636?
To mitigate CVE-2023-48636, upgrade Adobe Substance 3D Designer to the latest version that addresses this vulnerability.
What can an attacker achieve by exploiting CVE-2023-48636?
An attacker exploiting CVE-2023-48636 could potentially disclose sensitive memory and bypass certain mitigations like ASLR.
Which versions of Adobe Substance 3D Designer are affected by CVE-2023-48636?
CVE-2023-48636 affects Adobe Substance 3D Designer versions 13.0.0 and earlier, as well as 13.1.0 and earlier.
Is an update available for CVE-2023-48636?
Yes, Adobe has released an update to address the vulnerabilities found in versions up to 13.1.0.
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe indesign
- version/adobe indesign/13.0.0