CVE-2023-26348

CVSS base score: 5.5 MEDIUM

📋 TL;DR

CVE-2023-26348 is an out-of-bounds read vulnerability in Adobe Dimension that could allow an attacker to read sensitive memory contents when a user opens a malicious file. This could potentially bypass security mitigations like ASLR. All users of Adobe Dimension 3.4.7 and earlier versions are affected.

💻 Affected Systems

Products:
  • Adobe Dimension
Versions: 3.4.7 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Adobe Dimension is Adobe's desktop 3D design and rendering application, distributed through Creative Cloud, used to compose and render scenes from 3D models, materials and images. Its native scene files use the .dn extension, which is the file type a crafted input for this bug would arrive as.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker uses the leaked memory contents to defeat ASLR and chains this bug with a separate memory-corruption vulnerability to achieve arbitrary code execution, or extracts sensitive data from process memory.

🟠 Likely Case: Information disclosure through memory content leakage, potentially revealing sensitive data or memory-layout information that aids further attacks.

🟢 If Mitigated: With the workarounds below in place but the patch not yet applied, exposure is limited to the information leak itself; an out-of-bounds read on its own gives no code execution. Once 3.4.8 or later is installed the read is fixed and no leak remains.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, making automated internet exploitation unlikely.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious files shared through internal channels.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory layout. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.8 or later

Vendor Advisory: https://helpx.adobe.com/security/products/dimension/apsb23-20.html

Restart Required: Yes

Instructions:

1. Open Adobe Dimension.
2. Go to Help > Check for Updates. Dimension updates are delivered through the Creative Cloud desktop app, so you can equally start from its Apps tab.
3. Follow the prompts to install version 3.4.8 or later.
4. Restart Adobe Dimension after installation.

🔧 Temporary Workarounds

Restrict file opening (all platforms)

Only open Adobe Dimension (.dn) files from trusted sources and avoid opening unexpected files. The bug is triggered while parsing a crafted file, so a file that never reaches the application cannot exploit it.

Application control (all platforms)

Use application allow-listing to restrict execution of Adobe Dimension to the specific users or systems that need it, reducing the population an attacker can target.

🧯 If You Can't Patch

  • Discontinue use of Adobe Dimension until patched
  • Use alternative software for 3D design work

🔍 How to Verify

Check if Vulnerable:

Check the Adobe Dimension version in Help > About Adobe Dimension. If the version is 3.4.7 or earlier, the installation is affected. Compare version components numerically, not as strings: a hypothetical 3.10.x is newer than 3.4.8, not older.

Check Version:

On Windows: Check version in Help > About. On macOS: Adobe Dimension > About Adobe Dimension

Verify Fix Applied:

Verify Adobe Dimension version is 3.4.8 or later in Help > About Adobe Dimension.
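The check above, as an added example that is not part of the advisory: a small Python script that compares a Dimension version string against the first fixed release (3.4.8), component by component, and on macOS reads the installed version from the app bundle's Info.plist. The bundle path is an assumption about the default install location; on Windows the version is read from Help > About Adobe Dimension and passed on the command line.

```python
"""Added example, not part of the advisory: decide whether an installed Adobe
Dimension version falls in the affected range (3.4.7 and earlier)."""
import plistlib
import sys
from pathlib import Path

FIXED_VERSION = "3.4.8"  # first release carrying the fix, per APSB23-20

# Assumed default install location on macOS; adjust if Dimension lives elsewhere.
MACOS_APP_PLIST = "/Applications/Adobe Dimension/Adobe Dimension.app/Contents/Info.plist"


def parse_version(text):
    """'3.4.7' -> (3, 4, 7). Comparison is numeric per component, so 3.10.0
    correctly sorts after 3.4.8; a non-numeric suffix such as '8 beta' is
    truncated to its leading digits."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_vulnerable(version_text):
    """True when the version sorts before 3.4.8, i.e. it is 3.4.7 or earlier."""
    parsed = parse_version(version_text)
    if not parsed:
        raise ValueError(f"unparseable version string: {version_text!r}")
    return parsed < parse_version(FIXED_VERSION)


def installed_version_macos(plist_path=MACOS_APP_PLIST):
    """Read CFBundleShortVersionString from the app bundle; None if not installed."""
    path = Path(plist_path)
    if not path.is_file():
        return None
    with path.open("rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


if __name__ == "__main__":
    if sys.platform == "darwin":
        found = installed_version_macos()
    else:
        # On Windows, read the version from Help > About Adobe Dimension and pass it as argv[1].
        found = sys.argv[1] if len(sys.argv) > 1 else None
    if found is None:
        print("Adobe Dimension version not found; check Help > About Adobe Dimension.")
    elif is_vulnerable(found):
        print(f"Adobe Dimension {found} is affected by CVE-2023-26348; update to {FIXED_VERSION} or later.")
    else:
        print(f"Adobe Dimension {found} is at or above {FIXED_VERSION}; not affected.")
```

Run it with no arguments on macOS, or as `python check_dimension.py 3.4.7` elsewhere. The same `is_vulnerable` helper can be fed inventory data from an endpoint-management export to find every affected workstation at once.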

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of Adobe Dimension
  • Multiple failed file opening attempts

Network Indicators:

  • Downloads of Adobe Dimension files from untrusted sources

SIEM Query (illustrative; adapt the field names to your SIEM's schema):

source="*adobe*" AND (event_type="crash" OR file_extension=".dn")
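The two log indicators above, turned into detection logic as an added example that is not part of the advisory. It parses constructed key=value log lines (not real Adobe or Windows events; the Windows "Application Error" event ID 1000 pattern is borrowed, but the exact layout is invented) and flags host/user pairs with repeated Dimension crashes or repeated failed opens of .dn files. Thresholds and field names are assumptions.

```python
"""Added example (not from the advisory): flag repeated Adobe Dimension crashes
and repeated failed .dn file opens, the two log indicators listed above, over
constructed sample log lines."""
import re

# Constructed sample log lines in a simplified key=value format. They are not
# real Adobe or Windows events; only the shape matters for the detection logic.
SAMPLE_LOGS = """\
ts=2023-03-15T10:01:02Z host=ws-17 source=Application_Error event_id=1000 app=Dimension.exe module=Dimension.exe user=alice
ts=2023-03-15T10:01:40Z host=ws-17 source=Dimension event_type=file_open status=failed path=C:\\Users\\alice\\Downloads\\quote.dn user=alice
ts=2023-03-15T10:02:05Z host=ws-17 source=Application_Error event_id=1000 app=Dimension.exe module=Dimension.exe user=alice
ts=2023-03-15T10:02:30Z host=ws-17 source=Dimension event_type=file_open status=failed path=C:\\Users\\alice\\Downloads\\quote.dn user=alice
ts=2023-03-15T10:03:00Z host=ws-22 source=Dimension event_type=file_open status=ok path=D:\\projects\\pack.dn user=bob
ts=2023-03-15T10:03:10Z host=ws-22 source=Application_Error event_id=1000 app=Photoshop.exe module=ntdll.dll user=bob
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict (empty dict for a blank/odd line)."""
    return dict(KV_RE.findall(line))


def is_dimension_crash(ev):
    """Application-fault event (assumed ID 1000) whose faulting app is Dimension.exe;
    restricting to the executable keeps other apps' crashes out of the count."""
    return (ev.get("source") == "Application_Error"
            and ev.get("event_id") == "1000"
            and ev.get("app", "").lower() == "dimension.exe")


def is_failed_dn_open(ev):
    """A failed open of a .dn scene file: the 'multiple failed file opening
    attempts' indicator when it repeats for the same host/user."""
    return (ev.get("event_type") == "file_open"
            and ev.get("status") == "failed"
            and ev.get("path", "").lower().endswith(".dn"))


def find_suspicious(lines, min_events=2):
    """Return {(host, user): {'crashes': n, 'failed_dn_opens': m}} for every
    host/user pair with at least min_events of either indicator."""
    counts = {}
    for line in lines:
        ev = parse_line(line)
        if not ev:
            continue
        key = (ev.get("host"), ev.get("user"))
        c = counts.setdefault(key, {"crashes": 0, "failed_dn_opens": 0})
        if is_dimension_crash(ev):
            c["crashes"] += 1
        if is_failed_dn_open(ev):
            c["failed_dn_opens"] += 1
    return {k: v for k, v in counts.items()
            if v["crashes"] >= min_events or v["failed_dn_opens"] >= min_events}


if __name__ == "__main__":
    for (host, user), c in find_suspicious(SAMPLE_LOGS.splitlines()).items():
        print(f"{host}/{user}: {c['crashes']} Dimension crashes, "
              f"{c['failed_dn_opens']} failed .dn opens; pull the file for analysis")
```

A single crash is noise; two or more crashes on the same workstation within minutes, especially paired with failed opens of the same .dn file, is worth a look, and the file itself should be collected before it is deleted. The same grouping translates directly into a scheduled SIEM search with a count threshold.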

🔗 References

  • Adobe Security Bulletin APSB23-20: https://helpx.adobe.com/security/products/dimension/apsb23-20.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-26348
