CVE-2023-47061: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.10 and earlier were identified with an out-of-bounds read vulnerability (CVE-2023-47061). The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and publicly disclosed on December 12, 2023. This security flaw affects Adobe Dimension software running on both Windows and macOS operating systems (NVD, ZDI Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that specifically occurs during the parsing of GLB files. The issue stems from inadequate validation of user-supplied data, which can result in reading past the end of an allocated buffer. The vulnerability has received a CVSS 3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access requirements and the need for user interaction (NVD, ZDI Advisory).

The vulnerability could lead to the disclosure of sensitive memory information and potentially enable attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). When combined with other vulnerabilities, this flaw could potentially be leveraged to execute arbitrary code in the context of the current process (NVD, ZDI Advisory).

Adobe has released a security update to address this vulnerability. Users are advised to update their Adobe Dimension software to a version newer than 3.4.10 to mitigate this security risk (Adobe Advisory).