CVE-2023-47060: 
Adobe Premiere Pro vulnerability analysis and mitigation

CVE-2023-47060 is an Access of Uninitialized Pointer vulnerability affecting Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier). The vulnerability was disclosed on November 14, 2023, and could lead to disclosure of sensitive memory. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as an Access of Uninitialized Pointer issue that occurs within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (ZDI Advisory).

The vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The impact is limited to information disclosure without direct code execution capabilities (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Premiere Pro. The vulnerability affects both version 24.0 (and earlier) and 23.6 (and earlier) (Adobe Advisory).