CVE-2023-47049: 
Adobe Audition vulnerability analysis and mitigation

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file. The vulnerability was disclosed on November 14, 2023, and has been assigned identifier CVE-2023-47049 (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs specifically during the parsing of MP4 files. The issue stems from improper validation of user-supplied data, which can result in a read past the end of an allocated memory structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI).

An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user. The vulnerability allows for potential unauthorized access to memory contents and could lead to code execution with the privileges of the affected application (ZDI).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Audition to mitigate this security risk (Adobe Advisory).