CVE-2022-38445: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension version 3.4.5 was affected by a Use After Free (UAF) vulnerability identified as CVE-2022-38445. The vulnerability was discovered and reported on September 2, 2022, and publicly disclosed on October 14, 2022. This security flaw affects Adobe Dimension installations on both Windows and macOS operating systems (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as a Use After Free (CWE-416) issue that specifically occurs during the parsing of SKP files. The flaw stems from the application's failure to validate the existence of an object prior to performing operations on it. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Adobe Advisory, ZDI Advisory).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Dimension application (NVD).

Adobe has released an update to version 3.4.6 to address this vulnerability. Users are advised to update their Adobe Dimension installations to the latest version to mitigate this security risk (Adobe Advisory).