CVE-2023-25896
published 2023-03-28CVE-2023-25896: Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | dimension | <= 3.4.7 | — |
| adobe | dimension | unspecified – 3.4.7 | — |
| naturalintelligence | fast-xml-parser | >= 4.1.3 < 4.5.4 | 4.5.4 |
| naturalintelligence | fast-xml-parser | >= 5.0.0 < 5.3.5 | 5.3.5 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ghsa7.5HIGH