CVE-2023-44335: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability (CVE-2023-44335) that could lead to disclosure of sensitive memory. The vulnerability was disclosed on November 14, 2023, and affects both Windows and macOS operating systems (Adobe Advisory, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L) with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is unchanged (S:U) with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (Adobe Advisory).

If exploited, this vulnerability could lead to the disclosure of sensitive memory contents. Additionally, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Photoshop. The vulnerability affects Photoshop 2023 version 24.7.1 (and earlier) and Photoshop 2024 version 25.0 (and earlier) (Adobe Advisory).