CVE-2023-48638: Adobe Substance 3D Designer 13.0.2 build 6942 Vulnerability III
First published: Wed Dec 13 2023(Updated: )
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign | <=13.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-48638?
CVE-2023-48638 is considered a high-severity vulnerability due to its potential for sensitive memory disclosure.
How do I fix CVE-2023-48638?
To fix CVE-2023-48638, update Adobe Substance 3D Designer to version 13.1.0 or later.
What impact does CVE-2023-48638 have on systems?
CVE-2023-48638 can lead to the disclosure of sensitive data from memory if exploited.
Who is affected by CVE-2023-48638?
Users of Adobe Substance 3D Designer version 13.0.0 and earlier, as well as version 13.1.0 and earlier, are affected by CVE-2023-48638.
Can CVE-2023-48638 be exploited remotely?
Yes, CVE-2023-48638 can potentially be exploited by an attacker remotely to bypass security mitigations.
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe indesign
- version/adobe indesign/13.0.0