CVE-2023-26391: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager version 2.0.1 and earlier versions contain an out-of-bounds read vulnerability that was disclosed in April 2023. The vulnerability affects both Windows and macOS operating systems. This security flaw occurs when parsing crafted files and could result in reading past the end of an allocated memory structure (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 7.8 (High). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, and high impacts on confidentiality, integrity, and availability (Adobe Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability affects the integrity of memory operations and could lead to unauthorized access to system resources (NVD).

Adobe has addressed this vulnerability in versions after 2.0.1 of Substance 3D Stager. Users are advised to update to the latest version of the software to mitigate this security risk (Adobe Advisory).