CVE-2023-26413: 
Adobe Substance 3D Designer vulnerability analysis and mitigation

Adobe Substance 3D Designer version 12.4.0 and earlier versions contain a Heap-based Buffer Overflow vulnerability identified as CVE-2023-26413. The vulnerability was disclosed on April 11, 2023, affecting both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) and Out-of-bounds Write (CWE-787) issue. It has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, and can potentially impact confidentiality, integrity, and availability with high severity (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score indicates significant potential impact on system security, affecting confidentiality, integrity, and availability of the system (NVD).

Users should update their Adobe Substance 3D Designer to a version newer than 12.4.0 to address this vulnerability. The fix has been provided through Adobe's security update (Adobe Advisory).