Adobe Security Bulletin

Security updates available for Dimension | APSB21-116

Bulletin ID

Date Published

Priority

ASPB21-116

December 14, 2021      

3

Summary

Adobe has released an update for Adobe Dimension. This update addresses  critical, important and moderate  vulnerabilities.  Successful exploitation could lead to arbitrary code execution and privilege escalation
in the context of the current user.      

Affected Versions

Product

Version

Platform

Adobe Dimension

3.4.3 and earlier versions  
    

Windows and macOS 

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism.  For more information, please reference this help page.   

Product

Version

Platform

Priority

Availability

Adobe Dimension

3.4.4

Windows and macOS 

3

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.  

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Out-of-bounds Read (CWE-125)

Privilege escalation

Important

3.3

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-43763

Access of Memory Location After End of Buffer (CWE-788)

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-44179

Out-of-bounds Write (CWE-787)

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-44180

Out-of-bounds Write (CWE-787)

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-44181

Out-of-bounds Read (CWE-125)

Privilege escalation

Moderate

3.3

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-44182

Out-of-bounds Read (CWE-125)

Privilege escalation

Moderate

3.3

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2021-44183

Acknowledgments


Adobe would like to thank Mat Powell of Trend Micro Zero Day Initiative for reporting the relevant issues and for working with Adobe to help protect our customers.

  • Mat Powell of Trend Micro Zero Day Initiative  --CVE-2021-43763, CVE-2021-44179, CVE-2021-44180, CVE-2021-44181, CVE-2021-44182 and CVE-2021-44183






Revisions:

December 17th: Updated CVSS details for CVE-2021-43763







For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com

Get help faster and easier

New user?