CVE-2023-48635: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability was disclosed on December 13, 2023, and was assigned CVE-2023-48635. This security issue affects both Windows and macOS operating systems running the specified versions of After Effects (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that could potentially expose sensitive memory information. The vulnerability has received a CVSS v3.1 base score of 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no privileges required, and can potentially lead to high confidentiality impact (NVD).

The vulnerability could allow an attacker to bypass security mitigations such as Address Space Layout Randomization (ASLR). This could potentially expose sensitive information from the system's memory, compromising the security of the application (Adobe Advisory).

Adobe has released version 24.1 to address this vulnerability. Users are advised to update their Adobe After Effects installation to the latest version to mitigate this security risk (Adobe Advisory).