116 matches found
CVE-2023-25883
Adobe Dimension 3.4.7 and earlier is affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Connected sources confirm this vulnerability under CVE-2023-258...
CVE-2022-38443
Adobe Dimension 3.4.5 is affected by an out-of-bounds read in GLB file parsing, enabling potential disclosure of memory and bypass of ASLR. Exploitation requires user interaction (opening a malicious file). Affected product/component: Adobe Dimension, GLB parsing path. Root cause: out-of-bounds r...
CVE-2023-26356
Adobe Dimension is affected by CVE-2023-26356 (and related CVEs in APSB23-20) through an out-of-bounds read in USD file parsing, enabling information disclosure and memory exposure. The issue requires user interaction (victim opens a malicious USD file) and could bypass mitigations like ASLR. Aff...
CVE-2022-38442
CVE-2022-38442 concerns Adobe Dimension prior to 3.4.6, where a use-after-free in SKP file parsing could allow arbitrary code execution in the current user context. Exploitation requires the victim to open a malicious file, making it a user-interaction–dependent issue. Public documents identify t...
CVE-2023-25891
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, allowing code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). The issue is fixed in Dimension 3.4.8 per APSB23-20 (and rel...
CVE-2023-25888
CVE-2023-25888 affects Adobe Dimension 3.4.7 and earlier. It is an out-of-bounds read vulnerability triggered while parsing a crafted file, enabling code execution in the user’s context. Exploitation requires user interaction (the victim must open a malicious file). The issue is addressed by Adob...
CVE-2023-25893
Adobe Dimension versions
CVE-2023-26345
Adobe Dimension (Windows/macOS) before 3.4.8 is affected by an out-of-bounds read in 3.4.7 and earlier that could disclose memory contents. Exploitation requires a user to open a crafted file, potentially bypassing ASLR. The issue is addressed in the APSB23-20 update, which fixes the vulnerabilit...
CVE-2023-25879
Adobe Dimension 3.4.7 and earlier are affected by an Improper Input Validation vulnerability that can allow arbitrary code execution in the context of the current user when a victim opens a crafted file. The issue requires user interaction and is described as a local-execution type concern with h...
CVE-2021-44180
Adobe Dimension (versions 3.4.3 and earlier) is affected by an out-of-bounds write vulnerability that can result in arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious GIF file. The issue is documented as CVE-2021-4...
CVE-2023-25881
Adobe Dimension 3.4.7 and earlier is affected by an Improper Input Validation vulnerability leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a malicious file). A patch to 3.4.8 is available, and advisories confirm updates address...
CVE-2023-25907
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, enabling potential code execution in the user’s context. The issue requires user interaction (victim opens malicious file). Affected product/version: Dimension 3.4.7 (and earlier). Root cause: out...
CVE-2023-21601
Adobe Dimension is affected by a Use After Free vulnerability in version 3.4.6 and earlier that could disclose memory and bypass ASLR; exploitation requires a user to open a malicious file. Mitigation: update to a fixed version (3.4.7 or later per APSB23-10).
CVE-2023-25885
CVE-2023-25885 affects Adobe Dimension ≤ 3.4.7 and is described as a Heap-based Buffer Overflow leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Multiple sources (NVD/NCSC/NASL) corroborate the vuln...
CVE-2023-26329
Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds read vulnerability that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). A fix is available in 3.4.8 per APSB23-20/NCSc advisory; update to mitigate.
CVE-2023-26346
CVE-2023-26346 affects Adobe Dimension up to version 3.4.7. The issue is an out-of-bounds read during USD file parsing, enabling information disclosure and potential bypass of ASLR. Exploitation requires user interaction (victim opens a crafted file). Connected sources confirm the vulnerability c...
CVE-2023-26348
Adobe Dimension has an out-of-bounds read vulnerability in USD file parsing affecting version 3.4.7 and earlier, potentially allowing memory disclosure and ASLR bypass. Exploitation requires user interaction (victim opens a malicious file). A fixed version is 3.4.8; apply the vendor update (APSB2...
CVE-2023-26355
Adobe Dimension prior to 3.4.8 contains an out-of-bounds read vulnerability that can disclose memory and may bypass ASLR. The issue affects Dimension 3.4.7 and earlier and requires a user to open a malicious file (local attack vector). Public details confirm affected version range and impact as d...
CVE-2021-43763
Adobe Dimension 3.4.3 and earlier contains an out-of-bounds read (TIF parsing) that can disclose memory and potentially bypass ASLR. Exploitation requires user interaction (open a malicious TIF). Remediation: apply the APSB21-116 update (upgrade to 3.4.4 or later) per Adobe advisory.
CVE-2022-38445
Adobe Dimension 3.4.5 is affected by a Use-After-Free vulnerability in SKP file parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious SKP file) and is described as local with high impact on confidenti...
CVE-2022-38446
CVE-2022-38446 is a Use-After-Free vulnerability in Adobe Dimension (SKP file parsing) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file or otherwise interact with content; the vulnerability is triggered via parsi...
CVE-2022-38448
Adobe Dimension 3.4.5 is affected by a Use After Free vulnerability in SKP file parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Mitigation: update to 3.4.6 or later (per APSB22-57) or apply vendor-rel...
CVE-2023-25886
Adobe Dimension is affected by CVE-2023-25886 (
CVE-2023-25887
CVE-2023-25887 – Adobe Dimension : Affected: Dimension 3.4.7 and earlier. Vulnerability: out-of-bounds read while parsing a crafted file, could allow code execution in the caller’s context. Requirements: user interaction (victim must open a malicious file). Implications: successful exploitation c...
CVE-2023-25900
CVE-2023-25900: Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, which could allow code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). The vulnerability is docum...
CVE-2022-38447
Adobe Dimension 3.4.5 is affected by a use-after-free vulnerability in SKP file parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file, and the issue is scored high in CVSS (local attacker, user interaction r...
CVE-2023-25890
CVE-2023-25890 : Adobe Dimension 3.4.7 and earlier is affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. The issue is addressed in the APSB23-20 advi...
CVE-2023-25892
Adobe Dimension (versions up to 3.4.7) is affected by an out-of-bounds read when parsing a crafted file, potentially allowing code execution in the user’s context. The root cause is an out-of-bounds read past an allocated memory structure during parsing. Exploitation requires user interaction (vi...
CVE-2023-25896
Adobe Dimension 3.x (3.4.7 and earlier) is affected by a Use-After-Free vulnerability in the USD file parsing path that could allow arbitrary code execution in the context of the current user when a victim opens a crafted file. Exploitation requires user interaction. Remediation: update to Dimens...
CVE-2023-26335
Summary (CVE-2023-26335) Adobe Dimension 3.4.7 and earlier is affected by an out-of-bounds read when parsing a crafted file, enabling code execution in the user’s context. The vulnerability requires user interaction (victim must open a malicious file) and stems from out-of-bounds access in parsin...
CVE-2021-44179
Adobe Dimension: CVE-2021-44179 is a memory corruption vulnerability in versions 3.4.3 and earlier caused by insecure handling of a malicious GIF file, allowing arbitrary code execution under the current user. Exploitation requires user interaction (e.g., opening a malicious GIF). The issue is re...
CVE-2022-38440
CVE-2022-38440 affects Adobe Dimension 3.4.5, with an out-of-bounds read during parsing of a crafted file that could allow code execution in the caller’s context. Exploitation requires user interaction (victim must open a malicious file). The issue is addressed in a subsequent update (3.4.6+; APS...
CVE-2022-38441
CVE-2022-38441 affects Adobe Dimension 3.4.5 and earlier, with an out-of-bounds read when parsing a crafted file that could allow code execution in the user’s context. Exploitation requires user interaction (victim opens a malicious file). Connected sources confirm this as a local/assembly-level ...
CVE-2023-26341
Adobe Dimension 3.4.7 and earlier is affected by an out-of-bounds read that can disclose memory contents and bypass mitigations like ASLR. Exploitation requires user interaction (victim opens a crafted file). Affected product: Adobe Dimension (Windows/macOS) with 3.4.7 and earlier. Root cause: ou...
CVE-2023-44326
Adobe Dimension for Windows/macOS versions 3.4.9 and earlier are affected by an out-of-bounds read during GLTF parsing that can disclose memory contents. Exploitation requires user interaction (victim opens a malicious file), and mitigations may bypass ASLR. A fix is provided in Dimension 3.4.10 ...
CVE-2023-25895
CVE-2023-25895 describes a Heap-based Buffer Overflow in Adobe Dimension versions 3.4.7 and earlier that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the attack vector is local. Multiple sourc...
CVE-2023-25905
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds write vulnerability in OBJ parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires a user to open a crafted file (user interaction). A fix is available: update to Dimension 3.4.8...
CVE-2023-25906
Adobe Dimension
CVE-2023-26328
CVE-2023-26328 affects Adobe Dimension
CVE-2023-26349
Adobe Dimension CVE-2023-26349 is a Use-After-Free vulnerability affecting Dimension 3.4.7 and earlier that could disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). The issue is addressed in the 3.4.8 update (per ENISA/NCSC advisories and...
CVE-2021-44182
Adobe Dimension versions 3.4.3 and earlier are affected by an out-of-bounds read vulnerability in SVG parsing (CVE-2021-44182) that can disclose memory; exploitation requires user interaction (open a malicious SVG). Remaining formally supported by multiple sources (NVD description, ZDI advisory)....
CVE-2023-21603
Adobe Dimension
CVE-2023-25880
CVE-2023-25880 affects Adobe Dimension prior to 3.4.8 (3.4.7 and earlier). The vulnerability is an out-of-bounds write in the GLTF file parsing path that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file)...
CVE-2023-25884
Adobe Dimension 3.4.7 and earlier contain an out-of-bounds read when parsing a crafted file, enabling code execution in the context of the current user. Access requires the user to open a malicious file (UI: Required) and the attack is Local with LOW complexity per CVSS. Public sources confirm th...
CVE-2023-25894
CVE-2023-25894 affects Adobe Dimension 3.4.7 and earlier, where a Use-After-Free in USD file parsing can lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Public references and related entries confirm...
CVE-2023-25898
Summary (CVE-2023-25898) : Adobe Dimension
CVE-2023-25901
Adobe Dimension 3.4.7 and earlier is affected by an Improper Input Validation vulnerability (CVE-2023-25901) that could allow arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. Connected sources add that this and related issues are ad...
CVE-2023-26344
Adobe Dimension 3.4.7 and earlier are affected by an uninitialized pointer access vulnerability that can disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. Multiple connected sources (NVD/NCSC/CVE listings) corroborate the issue as a memory disclosure/pointer-...
CVE-2023-26351
CVE-2023-26351 refers to Adobe Dimension USD file parsing: an out-of-bounds read in Dimension 3.4.7 and earlier could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). A fixed version is 3.4.8 (per APSB23-20; advisory notes a security update ...
CVE-2023-26353
Adobe Dimension before 3.4.8 is affected by an out-of-bounds read vulnerability in USD file parsing that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires a victim to open a malicious file (user interaction). No in-the-wild exploitation is documented in th...