CVE-2023-21578: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier) were affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on February 14, 2023 (Adobe Advisory, NVD).

The vulnerability exists within the processing of embedded fonts. When processing crafted data in a font, it can trigger a read past the end of an allocated buffer, leading to an out-of-bounds read condition. The vulnerability is tracked as CWE-125 (Out-of-bounds Read). Adobe assigned it a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) (ZDI Advisory).

A successful exploitation of this vulnerability could lead to disclosure of sensitive memory information. This could potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The vulnerability could be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to Photoshop versions 23.5.4 or 24.1.1 or later to mitigate this security issue (Adobe Advisory).