CVE-2023-47040: 
Adobe Media Encoder vulnerability analysis and mitigation

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability, identified as CVE-2023-47040. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on November 14, 2023. The vulnerability affects both Windows and macOS operating systems running the specified versions of Adobe Media Encoder (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs when parsing a crafted file. This can result in a read past the end of an allocated memory structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (Adobe Advisory).

Adobe has addressed this vulnerability in updated versions of Media Encoder. Users should update to versions newer than 24.0.2 or 23.6 to mitigate this vulnerability (Adobe Advisory).