CVE-2023-21574: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) were affected by an Improper Input Validation vulnerability identified as CVE-2023-21574. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed in February 2023 (Adobe Advisory, NVD).

The vulnerability exists within the processing of embedded fonts. The issue stems from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

A successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could potentially gain the same privileges as the compromised user process (ZDI Advisory, Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to versions 23.5.4 or 24.1.1 or later to mitigate this security issue (Adobe Advisory).