CVE-2023-26383: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager version 2.0.1 and earlier versions contain a Stack-based Buffer Overflow vulnerability identified as CVE-2023-26383. The vulnerability was discovered in January 2023 and publicly disclosed on April 12, 2023. This security flaw affects Adobe Substance 3D Stager installations on both Windows and macOS operating systems (NVD, ZDI Advisory).

The vulnerability exists within the parsing of USDA files and stems from improper validation of user-supplied data length before copying it to a fixed-length stack-based buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score indicates that the vulnerability can potentially compromise system confidentiality, integrity, and availability (ZDI Advisory).

Adobe has released an update to address this vulnerability. Users are advised to apply the security update as detailed in Adobe's security bulletin (Adobe Advisory).