CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-44326 – ZDI-CAN-21866: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-44326
Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Las versiones 3.4.9 (y anteriores) de Adobe Dimension se ven afectadas por una vulnerabilidad de lectura fuera de los límites que podría provocar la divulgación de memoria confidencial. Un atacante podría aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. • https://helpx.adobe.com/security/products/dimension/apsb23-62.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38212 – ZDI-CAN-21093: Adobe Dimension GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38212
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Dimension 3.4.9 es afectada por una vulnerabilidad de desbordamiento del búfer basado en el montículo que podría dar lugar a la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. • https://helpx.adobe.com/security/products/dimension/apsb23-44.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38211 – ZDI-CAN-21078: Adobe Dimension GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38211
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Dimension version 3.4.9 es afectada por una vulnerabilidad de user-after-free, la cual podría dar lugar a la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. • https://helpx.adobe.com/security/products/dimension/apsb23-44.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38213 – ZDI-CAN-21094: Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38213
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Dimension versión 3.4.9 es afectada por una lectura fuera de los límites que podría conducir a la divulgación de memoria sensible. Un atacante podría aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. • https://helpx.adobe.com/security/products/dimension/apsb23-44.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26373 – Adobe Dimension has an arbitrary address write vulnerability when parsing USDZ files
https://notcve.org/view.php?id=CVE-2023-26373
Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/dimension/apsb23-27.html • CWE-787: Out-of-bounds Write •