CVE-2023-25884: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.7 and earlier contain an out-of-bounds read vulnerability when parsing crafted files. The vulnerability was assigned CVE-2023-25884 and was discovered on February 15, 2023, with public disclosure occurring on March 28, 2023. This security flaw affects Adobe Dimension installations on both Windows and macOS operating systems (NVD).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs when parsing a crafted file, potentially resulting in a read past the end of an allocated memory structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Adobe Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Adobe has addressed this vulnerability by releasing version 3.4.8 of Adobe Dimension. Users are advised to update to this latest version to mitigate the security risk (Adobe Security).