CVE-2024-20789: 
Adobe Dimension vulnerability analysis and mitigation

CVE-2024-20789 is a Use After Free vulnerability affecting Adobe Dimension versions 3.4.11 and earlier. The vulnerability was discovered and disclosed in August 2024, with Adobe releasing a security advisory on August 13, 2024. The vulnerability could result in arbitrary code execution in the context of the current user, requiring user interaction through opening a malicious file (Adobe Advisory, NVD).

The vulnerability exists within the parsing of SKP files in Adobe Dimension. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access requirements with user interaction needed (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact could include complete control over the affected system, allowing attackers to view, change, or delete data, depending on the user's privileges (CIS Advisory).

Adobe has released version 4.0.2 of Adobe Dimension to address this vulnerability. Users are strongly recommended to update to this latest version to mitigate the risk (Adobe Advisory).