CVE-2023-47079: 
Adobe Dimension vulnerability analysis and mitigation

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability identified as CVE-2023-47079. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on December 13, 2023. This security issue affects Adobe Dimension software running on both macOS and Windows operating systems (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no impact on integrity or availability, but could result in high confidentiality impact (NVD).

The exploitation of this vulnerability could lead to the disclosure of sensitive memory information. Additionally, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). However, successful exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has addressed this vulnerability in Adobe Dimension version 3.4.11. Users of affected versions (3.4.10 and earlier) should update to the latest version to mitigate this security risk (ManageEngine).