CVE-2023-47043: 
Adobe Media Encoder vulnerability analysis and mitigation

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability, identified as CVE-2023-47043. The vulnerability was discovered and reported on July 13, 2023, and publicly disclosed on November 15, 2023. This security flaw specifically affects the parsing of MP4 files in Adobe Media Encoder running on both Windows and macOS operating systems (ZDI Advisory, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the parsing of MP4 files. The specific flaw exists due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, Adobe Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact is considered critical as it could lead to complete compromise of the affected system, potentially allowing unauthorized access to sensitive information and system resources (NVD).

Adobe has released security updates to address this vulnerability. Users are strongly advised to update their Adobe Media Encoder installations to the latest version available through the standard Adobe update channels (Adobe Advisory).