CVE-2023-47080: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.1.1 and earlier contain an out-of-bounds read vulnerability identified as CVE-2023-47080. The vulnerability was disclosed on December 13, 2023, and affects both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that could potentially expose sensitive memory information. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, with potential high impact on confidentiality but no impact on integrity or availability (NVD).

The vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR), which is a crucial security feature designed to prevent memory-based attacks (NVD).

Adobe has acknowledged this vulnerability in their security bulletin. Users of Adobe Substance 3D Stager should ensure they are running a version newer than 2.1.1 to mitigate this vulnerability (Adobe Advisory).