CVE-2023-21576: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) were affected by an out-of-bounds write vulnerability identified as CVE-2023-21576. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on February 14, 2023. This security flaw affects both Windows and macOS versions of Adobe Photoshop (Adobe Advisory, ZDI Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs during the processing of embedded fonts in Adobe Photoshop. When processing crafted data in a font, it can trigger a write operation past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, ZDI Advisory).

Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running Photoshop (NVD, Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users should upgrade to Photoshop versions 23.5.4 or 24.1.1 or later, depending on their current version (Adobe Advisory).