116 matches found
CVE-2023-25883
Adobe Dimension 3.4.7 and earlier is affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Connected sources confirm this vulnerability under CVE-2023-258...
CVE-2022-38443
Adobe Dimension 3.4.5 is affected by an out-of-bounds read in GLB file parsing, enabling potential disclosure of memory and bypass of ASLR. Exploitation requires user interaction (opening a malicious file). Affected product/component: Adobe Dimension, GLB parsing path. Root cause: out-of-bounds r...
CVE-2023-26356
Adobe Dimension is affected by CVE-2023-26356 (and related CVEs in APSB23-20) through an out-of-bounds read in USD file parsing, enabling information disclosure and memory exposure. The issue requires user interaction (victim opens a malicious USD file) and could bypass mitigations like ASLR. Aff...
CVE-2022-38442
CVE-2022-38442 concerns Adobe Dimension prior to 3.4.6, where a use-after-free in SKP file parsing could allow arbitrary code execution in the current user context. Exploitation requires the victim to open a malicious file, making it a user-interaction–dependent issue. Public documents identify t...
CVE-2023-25888
CVE-2023-25888 affects Adobe Dimension 3.4.7 and earlier. It is an out-of-bounds read vulnerability triggered while parsing a crafted file, enabling code execution in the user’s context. Exploitation requires user interaction (the victim must open a malicious file). The issue is addressed by Adob...
CVE-2023-25900
CVE-2023-25900: Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, which could allow code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). The vulnerability is docum...
CVE-2023-25891
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, allowing code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). The issue is fixed in Dimension 3.4.8 per APSB23-20 (and rel...
CVE-2023-25893
Adobe Dimension versions
CVE-2023-25879
Adobe Dimension 3.4.7 and earlier are affected by an Improper Input Validation vulnerability that can allow arbitrary code execution in the context of the current user when a victim opens a crafted file. The issue requires user interaction and is described as a local-execution type concern with h...
CVE-2023-26345
Adobe Dimension (Windows/macOS) before 3.4.8 is affected by an out-of-bounds read in 3.4.7 and earlier that could disclose memory contents. Exploitation requires a user to open a crafted file, potentially bypassing ASLR. The issue is addressed in the APSB23-20 update, which fixes the vulnerabilit...
CVE-2023-25881
Adobe Dimension 3.4.7 and earlier is affected by an Improper Input Validation vulnerability leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a malicious file). A patch to 3.4.8 is available, and advisories confirm updates address...
CVE-2023-25885
CVE-2023-25885 affects Adobe Dimension ≤ 3.4.7 and is described as a Heap-based Buffer Overflow leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Multiple sources (NVD/NCSC/NASL) corroborate the vuln...
CVE-2023-25886
Adobe Dimension is affected by CVE-2023-25886 (
CVE-2023-25907
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds read when parsing a crafted file, enabling potential code execution in the user’s context. The issue requires user interaction (victim opens malicious file). Affected product/version: Dimension 3.4.7 (and earlier). Root cause: out...
CVE-2021-44180
Adobe Dimension (versions 3.4.3 and earlier) is affected by an out-of-bounds write vulnerability that can result in arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious GIF file. The issue is documented as CVE-2021-4...
CVE-2023-21601
Adobe Dimension is affected by a Use After Free vulnerability in version 3.4.6 and earlier that could disclose memory and bypass ASLR; exploitation requires a user to open a malicious file. Mitigation: update to a fixed version (3.4.7 or later per APSB23-10).
CVE-2023-25905
Adobe Dimension 3.4.7 and earlier are affected by an out-of-bounds write vulnerability in OBJ parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires a user to open a crafted file (user interaction). A fix is available: update to Dimension 3.4.8...
CVE-2023-26329
Adobe Dimension versions 3.4.7 and earlier are affected by an out-of-bounds read vulnerability that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). A fix is available in 3.4.8 per APSB23-20/NCSc advisory; update to mitigate.
CVE-2023-25880
CVE-2023-25880 affects Adobe Dimension prior to 3.4.8 (3.4.7 and earlier). The vulnerability is an out-of-bounds write in the GLTF file parsing path that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file)...
CVE-2023-25884
Adobe Dimension 3.4.7 and earlier contain an out-of-bounds read when parsing a crafted file, enabling code execution in the context of the current user. Access requires the user to open a malicious file (UI: Required) and the attack is Local with LOW complexity per CVSS. Public sources confirm th...
CVE-2023-25890
CVE-2023-25890 : Adobe Dimension 3.4.7 and earlier is affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. The issue is addressed in the APSB23-20 advi...
CVE-2023-26346
CVE-2023-26346 affects Adobe Dimension up to version 3.4.7. The issue is an out-of-bounds read during USD file parsing, enabling information disclosure and potential bypass of ASLR. Exploitation requires user interaction (victim opens a crafted file). Connected sources confirm the vulnerability c...
CVE-2023-44326
Adobe Dimension for Windows/macOS versions 3.4.9 and earlier are affected by an out-of-bounds read during GLTF parsing that can disclose memory contents. Exploitation requires user interaction (victim opens a malicious file), and mitigations may bypass ASLR. A fix is provided in Dimension 3.4.10 ...
CVE-2023-25887
CVE-2023-25887 – Adobe Dimension : Affected: Dimension 3.4.7 and earlier. Vulnerability: out-of-bounds read while parsing a crafted file, could allow code execution in the caller’s context. Requirements: user interaction (victim must open a malicious file). Implications: successful exploitation c...
CVE-2023-26328
CVE-2023-26328 affects Adobe Dimension
CVE-2023-26349
Adobe Dimension CVE-2023-26349 is a Use-After-Free vulnerability affecting Dimension 3.4.7 and earlier that could disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). The issue is addressed in the 3.4.8 update (per ENISA/NCSC advisories and...
CVE-2021-43763
Adobe Dimension 3.4.3 and earlier contains an out-of-bounds read (TIF parsing) that can disclose memory and potentially bypass ASLR. Exploitation requires user interaction (open a malicious TIF). Remediation: apply the APSB21-116 update (upgrade to 3.4.4 or later) per Adobe advisory.
CVE-2022-38446
CVE-2022-38446 is a Use-After-Free vulnerability in Adobe Dimension (SKP file parsing) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file or otherwise interact with content; the vulnerability is triggered via parsi...
CVE-2023-25896
Adobe Dimension 3.x (3.4.7 and earlier) is affected by a Use-After-Free vulnerability in the USD file parsing path that could allow arbitrary code execution in the context of the current user when a victim opens a crafted file. Exploitation requires user interaction. Remediation: update to Dimens...
CVE-2023-26335
Summary (CVE-2023-26335) Adobe Dimension 3.4.7 and earlier is affected by an out-of-bounds read when parsing a crafted file, enabling code execution in the user’s context. The vulnerability requires user interaction (victim must open a malicious file) and stems from out-of-bounds access in parsin...
CVE-2023-26336
Adobe Dimension 3.4.7 and earlier contains a Use-After-Free vulnerability in USD file parsing that could allow arbitrary code execution when a user opens a crafted file. The issue requires user interaction and is listed under APSB23-20; remediation is to update to Dimension 3.4.8 (per ENISA/NCSc ...
CVE-2023-26348
Adobe Dimension has an out-of-bounds read vulnerability in USD file parsing affecting version 3.4.7 and earlier, potentially allowing memory disclosure and ASLR bypass. Exploitation requires user interaction (victim opens a malicious file). A fixed version is 3.4.8; apply the vendor update (APSB2...
CVE-2023-26355
Adobe Dimension prior to 3.4.8 contains an out-of-bounds read vulnerability that can disclose memory and may bypass ASLR. The issue affects Dimension 3.4.7 and earlier and requires a user to open a malicious file (local attack vector). Public details confirm affected version range and impact as d...
CVE-2022-38445
Adobe Dimension 3.4.5 is affected by a Use-After-Free vulnerability in SKP file parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious SKP file) and is described as local with high impact on confidenti...
CVE-2023-25892
Adobe Dimension (versions up to 3.4.7) is affected by an out-of-bounds read when parsing a crafted file, potentially allowing code execution in the user’s context. The root cause is an out-of-bounds read past an allocated memory structure during parsing. Exploitation requires user interaction (vi...
CVE-2023-25894
CVE-2023-25894 affects Adobe Dimension 3.4.7 and earlier, where a Use-After-Free in USD file parsing can lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Public references and related entries confirm...
CVE-2023-25895
CVE-2023-25895 describes a Heap-based Buffer Overflow in Adobe Dimension versions 3.4.7 and earlier that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the attack vector is local. Multiple sourc...
CVE-2023-26344
Adobe Dimension 3.4.7 and earlier are affected by an uninitialized pointer access vulnerability that can disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. Multiple connected sources (NVD/NCSC/CVE listings) corroborate the issue as a memory disclosure/pointer-...
CVE-2022-38440
CVE-2022-38440 affects Adobe Dimension 3.4.5, with an out-of-bounds read during parsing of a crafted file that could allow code execution in the caller’s context. Exploitation requires user interaction (victim must open a malicious file). The issue is addressed in a subsequent update (3.4.6+; APS...
CVE-2022-38441
CVE-2022-38441 affects Adobe Dimension 3.4.5 and earlier, with an out-of-bounds read when parsing a crafted file that could allow code execution in the user’s context. Exploitation requires user interaction (victim opens a malicious file). Connected sources confirm this as a local/assembly-level ...
CVE-2022-38447
Adobe Dimension 3.4.5 is affected by a use-after-free vulnerability in SKP file parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file, and the issue is scored high in CVSS (local attacker, user interaction r...
CVE-2022-38448
Adobe Dimension 3.4.5 is affected by a Use After Free vulnerability in SKP file parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Mitigation: update to 3.4.6 or later (per APSB22-57) or apply vendor-rel...
CVE-2023-21603
Adobe Dimension
CVE-2023-25906
Adobe Dimension
CVE-2023-26341
Adobe Dimension 3.4.7 and earlier is affected by an out-of-bounds read that can disclose memory contents and bypass mitigations like ASLR. Exploitation requires user interaction (victim opens a crafted file). Affected product: Adobe Dimension (Windows/macOS) with 3.4.7 and earlier. Root cause: ou...
CVE-2023-38211
CVE-2023-38211 affects Adobe Dimension 3.4.9 and is a Use-After-Free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Several connected sources corroborate the issue as a post-...
CVE-2021-44179
Adobe Dimension: CVE-2021-44179 is a memory corruption vulnerability in versions 3.4.3 and earlier caused by insecure handling of a malicious GIF file, allowing arbitrary code execution under the current user. Exploitation requires user interaction (e.g., opening a malicious GIF). The issue is re...
CVE-2021-44182
Adobe Dimension versions 3.4.3 and earlier are affected by an out-of-bounds read vulnerability in SVG parsing (CVE-2021-44182) that can disclose memory; exploitation requires user interaction (open a malicious SVG). Remaining formally supported by multiple sources (NVD description, ZDI advisory)....
CVE-2023-25882
Adobe Dimension is affected by CVE-2023-25882 (and related CVEs) via a Heap-based Buffer Overflow in the OBJ parsing path, impacting Dimension 3.4.7 and earlier. The issue can enable arbitrary code execution in the context of the current user and requires user interaction (opening a malicious fil...
CVE-2023-26330
Adobe Dimension 3.4.7 and earlier is affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the context of the current user when a malicious file is opened. Exploitation requires user interaction (victim must open a crafted file). The issue is addressed in D...