Adobe Security Bulletin

Security updates available for Dimension | APSB22-57

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB22-57 | October 11, 2021 | 3 |

Summary

Adobe has released an update for Adobe Dimension. This update addresses critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user.

Affected Versions

| Product | Version | Platform |
|---|---|---|
| Adobe Dimension | 3.4.5 and earlier versions | Windows and macOS |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page.

| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Dimension | 3.4.6 | Windows and macOS | 3 | |

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| Out-of-bounds Read (CWE-125) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38440 |
| Out-of-bounds Read (CWE-125) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38441 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38442 |
| Out-of-bounds Read (CWE-125) | Memory leak | Moderate | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2022-38443 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38444 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38445 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38446 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38447 |
| Use After Free (CWE-416) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2022-38448 |

Acknowledgments


Adobe would like to thank the following researchers for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Mat Powell of Trend Micro Zero Day Initiative -- CVE-2022-38440, CVE-2022-38441, CVE-2022-38442, CVE-2022-38443, CVE-2022-38444, CVE-2022-38445, CVE-2022-38446, CVE-2022-38447, CVE-2022-38448

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com
