CVE-2023-38212: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension version 3.4.9 and earlier versions are affected by a Heap-based Buffer Overflow vulnerability (CVE-2023-38212). The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and disclosed on August 8, 2023. This security flaw affects Adobe Dimension installations on both Windows and macOS operating systems (Adobe Advisory).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 Base Score of 7.8 (High). The vulnerability has the following vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. The vulnerability has high impacts on confidentiality, integrity, and availability of the affected system (NVD).

Adobe has released version 3.4.10 to address this vulnerability. Users are recommended to update their installation to the newest version via the Creative Cloud desktop app's update mechanism (Lansweeper Blog).