CVE-2023-26393: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager version 2.0.1 and earlier versions were found to contain an out-of-bounds read vulnerability. The vulnerability was disclosed on April 11, 2023, affecting both Windows and macOS operating systems running Adobe Substance 3D Stager software (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs when parsing a crafted file. The issue received a CVSS v3.1 Base Score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates that while local access and user interaction are required, the potential impact on confidentiality, integrity, and availability is high (NVD).

When successfully exploited, this vulnerability could allow an attacker to read past the end of an allocated memory structure and potentially execute code in the context of the current user. The high severity rating indicates significant potential impact on system security (Adobe Advisory).

Adobe has addressed this vulnerability in updated versions of Substance 3D Stager. Users are advised to update their software to the latest version to mitigate this security risk (Adobe Advisory).