ByteOS

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

>>ipados>>Versions before 17.0(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

>>iphone_os>>Versions before 17.0(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

>>macos>>Versions from 12.0.0(inclusive) to 12.7(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

>>macos>>Versions from 13.0(inclusive) to 13.6(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

>>tvos>>Versions before 17.0(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

>>watchos>>Versions before 10.0(exclusive)

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2023/Oct/10	product-security@apple.com	N/A
http://seclists.org/fulldisclosure/2023/Oct/5	product-security@apple.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/6	product-security@apple.com	N/A
http://seclists.org/fulldisclosure/2023/Oct/8	product-security@apple.com	N/A
http://seclists.org/fulldisclosure/2023/Oct/9	product-security@apple.com	N/A
https://support.apple.com/en-us/HT213931	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213932	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213936	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213937	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213938	product-security@apple.com	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2023/Oct/10	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2023/Oct/5	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/6	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2023/Oct/8	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2023/Oct/9	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/en-us/HT213931	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213932	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213936	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213937	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT213938	af854a3a-2127-422b-91ae-364da2661108	Release Notes Vendor Advisory
https://support.apple.com/kb/HT213931	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/kb/HT213932	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/kb/HT213936	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/kb/HT213937	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/kb/HT213938	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10

Source: product-security@apple.com

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5

Source: product-security@apple.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6

Source: product-security@apple.com

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8

Source: product-security@apple.com

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9

Source: product-security@apple.com

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT213931

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213932

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213936

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213937

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213938

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/5

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/6

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://support.apple.com/en-us/HT213931

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213932

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213936

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213937

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/HT213938

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/kb/HT213931

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://support.apple.com/kb/HT213932

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://support.apple.com/kb/HT213936

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://support.apple.com/kb/HT213937

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://support.apple.com/kb/HT213938

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

1535Records found

CVE-2025-49570

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.49%

7 Day CHG~0.00%

Published-12 Aug, 2025 | 20:29

Updated-14 Aug, 2025 | 01:34

Photoshop Desktop | Out-of-bounds Write (CWE-787)

Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor-Adobe Inc.Apple Inc.Microsoft Corporation

Product-macos photoshop windows Photoshop Desktop

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26411

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-20312: Adobe Substance 3D Designer USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26373

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.87%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:10

Adobe Dimension has an arbitrary address write vulnerability when parsing USDZ files

Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26409

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-20313: Adobe Substance 3D Designer USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26370

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.27%

7 Day CHG~0.00%

Published-11 Oct, 2023 | 11:49

Updated-02 Aug, 2024 | 11:46

ZDI-CAN-21257: Adobe Photoshop PSD File Parsing Uninitialized Variable Remote Code Execution Vulnerability

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-photoshop_2022 photoshop_2023 windows macos photoshop_2024 Photoshop Desktop

CWE ID-CWE-824

Access of Uninitialized Pointer

CVE-2023-26392

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.26% / 48.70%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:07

ZDI-CAN-20235: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-416

Use After Free

CVE-2023-26419

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.99% / 86.29%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-20274: Adobe Acrobat Reader DC AcroForm removeField Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-416

Use After Free

CVE-2023-26416

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.78%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:03

ZDI-CAN-20318: Adobe Substance 3D Designer DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-27529

Matching Score-8

Assigner-JPCERT/CC

Matching Score-8

Assigner-JPCERT/CC

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.84%

7 Day CHG-0.01%

Published-25 May, 2023 | 00:00

Updated-16 Jan, 2025 | 16:15

Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.

Vendor-wacom Wacom Apple Inc.

Product-tablet_driver_installer macos Wacom Tablet Driver installer

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2023-26417

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.99% / 86.29%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-20583: Adobe Acrobat Reader DC Popup Use-After-Free Remote Code Execution Vulnerability

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-416

Use After Free

CVE-2023-26371

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:10

Validate Your Inputs | Out-of-bounds Read (CWE-125)

Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26415

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.87%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:03

ZDI-CAN-20317: Adobe Substance 3D Designer DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26412

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.23% / 45.27%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-20314: Adobe Substance 3D Designer USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26402

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:06

ZDI-CAN-20237: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26389

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:08

ZDI-CAN-20258: Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26425

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.34% / 84.57%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-19854: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26394

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.78%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:07

ZDI-CAN-20236: Adobe Substance 3D Stager USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26421

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.80% / 82.50%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-19832: Adobe Acrobat Reader DC Doc Object Integer Underflow Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Integer Underflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-191

Integer Underflow (Wrap or Wraparound)

CVE-2023-26372

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.87%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:10

ZDI-CAN-20284: Adobe Dimension USDZ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26420

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.99% / 86.29%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-20227: Adobe Acrobat Reader DC AcroForm addField Use-After-Free Remote Code Execution Vulnerability

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-416

Use After Free

CVE-2023-26390

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.78%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:08

ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26423

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.37% / 84.67%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-20160: Adobe Acrobat Reader DC AcroForm insertItemAt Use-After-Free Remote Code Execution Vulnerability

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-416

Use After Free

CVE-2023-26422

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-2.37% / 84.67%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:05

ZDI-CAN-20176: Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-416

Use After Free

CVE-2023-26368

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.11% / 29.98%

7 Day CHG~0.00%

Published-16 Nov, 2023 | 15:45

Updated-04 Sep, 2024 | 20:43

Adobe InCopy Out-of-Bounds Read Vulnerability v1.0

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-incopy windows macos InCopy incopy

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26413

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.78%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-20315: Adobe Substance 3D Designer USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26393

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:07

ZDI-CAN-20234: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26407

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.42% / 61.30%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:06

ZDI-CAN-20712: Net.HTTP.request Arbitrary Command Execution

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-20

Improper Input Validation

CVE-2023-26384

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.26% / 48.70%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:08

ZDI-CAN-20279: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-416

Use After Free

CVE-2023-26395

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-1.80% / 82.50%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:07

Adobe Acrobat parsing PDF Out-of-bounds Write Arbitrary code execution

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-26405

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.42% / 61.30%

7 Day CHG~0.00%

Published-12 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:06

ZDI-CAN-20712: Object Prototype pollution which leads to API Restrictions Bypass

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-20

Improper Input Validation

CVE-2023-26414

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.26% / 48.70%

7 Day CHG~0.00%

Published-13 Apr, 2023 | 00:00

Updated-05 Mar, 2025 | 19:04

ZDI-CAN-20316: Adobe Substance 3D Designer USD File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_designer Substance3D - Designer

CWE ID-CWE-416

Use After Free

CVE-2021-21038

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-4.15% / 88.44%

7 Day CHG~0.00%

Published-11 Feb, 2021 | 19:42

Updated-17 Sep, 2024 | 01:56

Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-acrobat_dc acrobat_reader acrobat acrobat_reader_dc windows macos Acrobat Reader

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-25903

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.14% / 34.72%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:16

Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2023-26332

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.03% / 10.46%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:14

ZDI-CAN-20144: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-25867

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.11% / 28.83%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:21

Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-20

Improper Input Validation

CVE-2015-5123

Matching Score-8

Matching Score-8

Product-macos enterprise_linux_server evergreen enterprise_linux_desktop flash_player windows linux_enterprise_desktop flash_player_desktop_runtime enterprise_linux_workstation enterprise_linux_server_eus linux_kernel linux_enterprise_workstation_extension n/a Flash Player

CVSS Score-7.8||HIGH

EPSS-47.56% / 97.63%

7 Day CHG~0.00%

Published-14 Jul, 2015 | 10:00

Updated-17 Nov, 2025 | 20:15

Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Vendor-n/a SUSE Red Hat, Inc.Microsoft Corporation openSUSE Adobe Inc.Linux Kernel Organization, Inc Apple Inc.

CWE ID-CWE-416

Use After Free

CVE-2023-25871

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.26% / 48.70%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:20

Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-416

Use After Free

CVE-2023-25879

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.11% / 29.79%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:19

ZDI-CAN-19389: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25865

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.11% / 28.83%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:21

Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25874

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.19% / 40.53%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:20

Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-1838

Matching Score-8

Assigner-Apple Inc.

Matching Score-8

Assigner-Apple Inc.

CVSS Score-7.8||HIGH

EPSS-0.34% / 56.08%

7 Day CHG~0.00%

Published-08 Sep, 2021 | 14:44

Updated-03 Aug, 2024 | 16:25

This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Vendor-Apple Inc.

Product-iphone_os ipados iOS and iPadOS

CVE-2023-25884

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.20% / 41.88%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:19

ZDI-CAN-19411: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26331

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.03% / 10.46%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:15

ZDI-CAN-20145: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-25904

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.19% / 40.62%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:16

Adobe Dimension Out-of-bounds Read USDZ file Arbitrary code execution

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-26330

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.15% / 35.87%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:15

ZDI-CAN-20146: Adobe Dimension USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-25890

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.19% / 40.53%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:18

ZDI-CAN-19493: Adobe Dimension USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-25887

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.19% / 40.62%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:18

ZDI-CAN-19450: Adobe Dimension USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-25901

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.11% / 28.83%

7 Day CHG~0.00%

Published-28 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:16

ZDI-CAN-19508: Adobe Dimension USD File Improper Input Validation Remote Code Execution Vulnerability

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25870

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.14% / 34.72%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-05 Mar, 2025 | 19:20

Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Product-windows macos substance_3d_stager Substance3D - Stager

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-25908

Matching Score-8

Matching Score-8

CVSS Score-7.8||HIGH

EPSS-0.33% / 55.10%

7 Day CHG~0.00%

Published-27 Mar, 2023 | 00:00

Updated-02 Aug, 2024 | 11:32

Adobe Photoshop SVG file Use After Free Arbitrary code execution

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.