CVE-2023-47058: 
Adobe Premiere Pro vulnerability analysis and mitigation

CVE-2023-47058 is an out-of-bounds read vulnerability affecting Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier). The vulnerability was discovered and disclosed in November 2023, affecting both Windows and macOS operating systems. The vulnerability occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability specifically occurring during MP4 file parsing. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact could include unauthorized access to sensitive information, potential system compromise, and execution of malicious code with user privileges (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Premiere Pro. The vulnerability has been fixed in versions after 24.0 and 23.6 (Adobe Advisory).