CVE-2023-47062: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that was disclosed on December 13, 2023. The vulnerability, tracked as CVE-2023-47062, could potentially lead to the disclosure of sensitive memory information. This security flaw affects Adobe Dimension software on both Windows and macOS operating systems (NVD).

The vulnerability is specifically related to the parsing of GLTF files in Adobe Dimension. The issue stems from inadequate validation of user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) by Adobe Systems with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, while ZDI assessed it with a CVSS score of 3.3 (NVD, ZDI Advisory).

The exploitation of this vulnerability could lead to the disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). The vulnerability affects the confidentiality of the system but does not impact integrity or availability (NVD).

Adobe has released an update to address this vulnerability in versions after 3.4.10. Users are advised to update to the latest version of Adobe Dimension to mitigate this security risk (Adobe Advisory).

The vulnerability was initially reported to Adobe on October 3, 2023, by Mat Powell of Trend Micro Zero Day Initiative, and was publicly disclosed on December 14, 2023, following a coordinated release (ZDI Advisory).