CVE-2023-26387: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager version 2.0.1 and earlier versions were found to contain an Access of Uninitialized Pointer vulnerability. The vulnerability was disclosed on April 11, 2023, and was assigned identifier CVE-2023-26387. This security flaw affects Adobe Substance 3D Stager software running on both Windows and macOS operating systems (NVD).

The vulnerability is classified as an Access of Uninitialized Pointer issue (CWE-824) that specifically occurs during the parsing of USDC files. The flaw stems from improper initialization of memory prior to accessing it. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. The impact is particularly significant as it could enable attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). The vulnerability only affects confidentiality, with no direct impact on integrity or availability of the system (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Substance 3D Stager software to the latest version available through the official Adobe security advisory (Adobe Advisory).