CVE-2021-44180: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.3 and earlier contain an out-of-bounds write vulnerability identified as CVE-2021-44180. The vulnerability was discovered and reported on September 15, 2021, and publicly disclosed on December 21, 2021. This security flaw affects Adobe Dimension software running on both Windows and macOS operating systems (ZDI Advisory, NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) that occurs during the parsing of PCX images. The issue stems from inadequate validation of user-supplied data, which can result in a write operation past the end of an allocated structure. The vulnerability has received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 base score of 9.3 (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The impact is considered high as it could potentially allow attackers to execute malicious code with the same privileges as the affected application (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Dimension through the official Adobe security advisory (Adobe Advisory).