CVE-2023-21601: 
Adobe Dimension vulnerability analysis and mitigation

A vulnerability was discovered in Adobe Dimension related to OBJ file parsing (CVE-2023-21601). The issue was reported on November 4, 2022, and publicly disclosed on January 18, 2023. This vulnerability affects Adobe Dimension installations and requires user interaction to be exploited (ZDI Advisory).

The vulnerability exists within the parsing of OBJ files in Adobe Dimension. The specific flaw stems from the lack of validating the existence of an object prior to performing operations on the object, resulting in a Use-After-Free condition that could lead to information disclosure. The vulnerability has been assigned a CVSS score of 3.3 (Low) with the vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (ZDI Advisory).

When successfully exploited, this vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released an update to address this vulnerability. Users are advised to apply the security update detailed in the Adobe Security Bulletin APSB23-10 (Adobe Security Bulletin).