CVE-2023-26389: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager version 2.0.1 and earlier versions contain an out-of-bounds read vulnerability that was disclosed on April 11, 2023. The vulnerability affects both Windows and macOS operating systems running the Substance 3D Stager application. This security flaw occurs when parsing crafted files and could result in reading beyond allocated memory structures (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 7.8 (High). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), but does need user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is all rated as high (C:H/I:H/A:H) (Adobe Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (NVD).

Adobe has addressed this vulnerability in their security advisory. Users of Adobe Substance 3D Stager should update their software to versions newer than 2.0.1 to mitigate this security risk (Adobe Advisory).