Multiple vulnerabilities in Adobe Dimension
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 58 |
| CVE-ID | CVE-2023-26342 CVE-2023-26330 CVE-2023-26331 CVE-2023-26332 CVE-2023-26333 CVE-2023-26334 CVE-2023-26335 CVE-2023-26336 CVE-2023-26338 CVE-2023-26339 CVE-2023-26340 CVE-2023-26341 CVE-2023-26343 CVE-2023-26328 CVE-2023-26344 CVE-2023-26345 CVE-2023-26346 CVE-2023-26348 CVE-2023-26349 CVE-2023-26350 CVE-2023-26351 CVE-2023-26352 CVE-2023-26353 CVE-2023-26354 CVE-2023-26355 CVE-2023-26356 CVE-2023-26329 CVE-2023-26327 CVE-2023-25879 CVE-2023-25892 CVE-2023-25880 CVE-2023-25881 CVE-2023-25882 CVE-2023-25883 CVE-2023-25884 CVE-2023-25885 CVE-2023-25886 CVE-2023-25887 CVE-2023-25888 CVE-2023-25889 CVE-2023-25890 CVE-2023-25891 CVE-2023-25893 CVE-2023-25907 CVE-2023-25894 CVE-2023-25895 CVE-2023-25896 CVE-2023-25897 CVE-2023-25898 CVE-2023-25899 CVE-2023-25900 CVE-2023-25901 CVE-2023-25902 CVE-2023-25903 CVE-2023-25904 CVE-2023-25905 CVE-2023-25906 CVE-2023-26337 |
| CWE-ID | CWE-125 CWE-787 CWE-824 CWE-416 CWE-20 CWE-122 CWE-190 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Adobe Dimension Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 58 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU73642
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26342
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted GLB file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-308/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU73606
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26330
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-296/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU73634
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26331
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-297/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU73635
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26332
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-298/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU73636
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26333
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-299/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Access of uninitialized pointer
EUVDB-ID: #VU73665
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26334
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing
untrusted input. A remote attacker can create a specially crafted file,
trick the victim into opening it, trigger memory corruption and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-300/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU73637
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26335
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-301/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU73660
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26336
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-302/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU73638
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26338
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-304/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU73639
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26339
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted OBJ file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-305/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU73640
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26340
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted OBJ file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-306/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU73641
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26341
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-307/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU73643
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26343
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-309/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds write
EUVDB-ID: #VU73605
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26328
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-294/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Access of uninitialized pointer
EUVDB-ID: #VU73667
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26344
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing
untrusted input. A remote attacker can create a specially crafted file,
trick the victim into opening it, trigger memory corruption and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-310/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU73644
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26345
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-311/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU73645
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26346
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-312/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU73646
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26348
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-313/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU73661
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26349
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-314/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU73647
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26350
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-315/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU73648
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26351
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-316/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU73649
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26352
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-317/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU73650
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26353
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-318/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU73651
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26354
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-319/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU73652
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26355
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-320/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU73653
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-321/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU73633
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26329
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted OBJ file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-295/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU73632
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26327
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-293/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU73600
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25879
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-267/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU73626
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25892
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-280/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds write
EUVDB-ID: #VU73603
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25880
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-268/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU73601
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-269/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Heap-based buffer overflow
EUVDB-ID: #VU73608
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25882
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-270/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Heap-based buffer overflow
EUVDB-ID: #VU73610
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25883
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-271/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU73619
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25884
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-272/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Heap-based buffer overflow
EUVDB-ID: #VU73611
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25885
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-273/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU73621
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25886
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-274/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU73622
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25887
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-275/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU73623
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25888
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-276/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU73624
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25889
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-277/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Heap-based buffer overflow
EUVDB-ID: #VU73612
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25890
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-278/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU73625
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25891
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-279/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU73655
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25893
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-281/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU73631
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25907
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-292/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU73657
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25894
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-282/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Heap-based buffer overflow
EUVDB-ID: #VU73613
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25895
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-283/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU73658
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25896
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-284/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Heap-based buffer overflow
EUVDB-ID: #VU73614
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25897
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-285/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Heap-based buffer overflow
EUVDB-ID: #VU73615
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25898
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-286/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU73659
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-287/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU73627
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25900
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-288/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Input validation error
EUVDB-ID: #VU73602
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25901
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-289/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU73628
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25902
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-290/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Integer overflow
EUVDB-ID: #VU73664
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25903
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU73629
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25904
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds write
EUVDB-ID: #VU73604
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-25905
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-266/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU73630
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-291/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Stack-based buffer overflow
EUVDB-ID: #VU73668
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26337
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can trick the victim to open a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Dimension: 3.1 - 3.4.7
CPE2.3- cpe:2.3:a:adobe:adobe_dimension:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_dimension:3.2.1:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://www.zerodayinitiative.com/advisories/ZDI-23-303/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
