Adobe Updates Fix Critical Vulnerabilities in 6 Products

13/04/2023
By Laura Libeer

On April 11th, Adobe released a series of updates addressing 56 vulnerabilities across 6 products. All of these vulnerabilities received a CVSS base score between 5.5 and 8.6, with most of them being critical. Exploitation could lead to a number of problems like arbitrary code execution, privilege escalation, security feature bypass, and memory leak. For your organization, this could result in the loss or even theft of business-critical or sensitive files and data, disruptions in business operations, and application failures.

As the vulnerabilities affect several different Adobe products and versions, you can find lists of the affected versions per product below. We have provided a report to help you find vulnerable installations of Adobe Acrobat and Reader for Windows. Of course, you can also use Lansweeper to find installations of the other products.

Affected Software and Versions

Adobe Acrobat and Reader

In Adobe Acrobat and Acrobat Reader for Windows and macOS, 16 vulnerabilities were fixed, 14 of which are critical. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, privilege escalation, security feature bypass, and memory leak. Detailed instructions on how to update your installations can be found on Adobe’s bulletin.

| Product | Affected version | Updated Version | Availability |
|---|---|---|---|
| Acrobat DC | 23.001.20093 and earlier versions | 2.300.120.143 | Release notes |
| Acrobat Reader DC | 23.001.20093 and earlier versions | 2.300.120.143 | Release notes |
| Acrobat 2020 | 20.005.30441 and earlier versions | 2.000.530.467 | Release notes |
| Acrobat Reader 2020 | 20.005.30441 and earlier versions | 2.000.530.467 | Release notes |

Based on this list of affected products and versions in Adobe’s security bulletin, we have created a special Lansweeper report that will provide a list of all installations for Windows in your environment that could be affected by these vulnerabilities.

Adobe Digital Editions

The update to Adobe Digital Editions addresses 1 critical vulnerability that could result in arbitrary code execution. Adobe recommends that you update your installation to the newest version.

| Product | Affected version | Updated Version | Availability |
|---|---|---|---|
| Adobe Digital Editions | 4.5.11.187303 and earlier versions | 4.5.11.187658 | Download Page |

Adobe InCopy

In Adobe InCopy for Windows and macOS, 1 critical vulnerability was fixed that could lead to arbitrary code execution. Adobe recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. You can find more information on their help page.

| Product | Affected version | Updated Version |
|---|---|---|
| Adobe InCopy | 18.1 and earlier versions | 18.2 |
| Adobe InCopy | 17.4 and earlier versions | 17.4.1 |

Substance 3D Stager

In Adobe Substance 3D Stager for Windows and macOS, 14 vulnerabilities have been patched, 10 of which were critical. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user. Adobe recommends that you update your installation to the newest version via the Creative Cloud desktop app’s update mechanism. You can find more details on this help page.

| Product | Affected version | Updated Version | Availability |
|---|---|---|---|
| Adobe Substance 3D Stager | 2.0.1 and earlier versions | 2.0.2 | Download Center |

Substance 3D Designer

Another 9 vulnerabilities were patched in Substance 3D Designer, all of them critical. These could lead to arbitrary code execution in the context of the current user. Just like before, you can update your installation to the newest version via the Creative Cloud desktop app’s update mechanism. You can find more information on this help page.

| Product | Affected version | Updated Version | Availability |
|---|---|---|---|
| Adobe Substance 3D Designer | 12.4.0 and earlier versions | 12.4.0 and earlier versions | Download Center |

Adobe Dimension

Another 15 vulnerabilities were fixed in Adobe Dimension for Windows and macOS, 14 of which are critical. They could lead to memory leak and arbitrary code execution in the context of the current user. You are advised to update to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, you can reference this help page.

| Product | Affected version | Updated Version | Availability |
|---|---|---|---|
| Adobe Dimension | 3.4.8 and earlier versions | 3.4.9 | Download Center |

Discover Vulnerable Adobe Products

Just like we did for the Adobe Acrobat (Reader) vulnerabilities above, you can use Lansweeper to discover any installs of the vulnerable Adobe products and versions in your network. This way you have an actionable list of devices and software that might require a patch.
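
As an added example (not part of the original article and not Lansweeper's report), the check behind such a list can be sketched in Python: compare each installed version numerically against the highest affected version listed on this page. The inventory rows and hostnames are constructed, and treating each InCopy ceiling as applying to its own major-version track is an assumption.

```python
AFFECTED_UP_TO = [  # (product, highest affected version), copied from this page
    ("Acrobat DC", "23.001.20093"),
    ("Acrobat Reader DC", "23.001.20093"),
    ("Acrobat 2020", "20.005.30441"),
    ("Acrobat Reader 2020", "20.005.30441"),
    ("Adobe Digital Editions", "4.5.11.187303"),
    ("Adobe InCopy", "18.1"),
    ("Adobe InCopy", "17.4"),
    ("Adobe Substance 3D Stager", "2.0.1"),
    ("Adobe Substance 3D Designer", "12.4.0"),
    ("Adobe Dimension", "3.4.8"),
]

def parse_version(text):
    """'23.001.20093' -> (23, 1, 20093): compare numerically, never as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def at_or_below(installed, ceiling):
    """Tuple comparison after zero-padding, so 18.1 and 18.1.0 are equal."""
    width = max(len(installed), len(ceiling))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) <= pad(ceiling)

def is_affected(product, version):
    ceilings = [parse_version(c) for p, c in AFFECTED_UP_TO if p == product]
    if not ceilings:
        return False  # product is not covered by this bulletin
    installed = parse_version(version)
    # Assumption: each ceiling governs its own major-version track (InCopy 17.x
    # vs 18.x); installs older than every listed track count as "earlier versions".
    same_track = [c for c in ceilings if c[0] == installed[0]]
    return at_or_below(installed, same_track[0] if same_track else min(ceilings))

# Constructed sample inventory (hostname, product, version); not real data.
INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "23.001.20093"),
    ("ws-002", "Acrobat Reader DC", "22.003.20310"),
    ("ws-003", "Adobe InCopy", "17.4.1"),   # fixed, yet numerically below 18.1
    ("ws-004", "Adobe InCopy", "18.0"),
    ("ws-005", "Adobe Dimension", "3.4.8"),
    ("ws-006", "Adobe Digital Editions", "4.5.11.187658"),
]

def vulnerable_installs(inventory):
    return [row for row in inventory if is_affected(row[1], row[2])]

if __name__ == "__main__":
    for host, product, version in vulnerable_installs(INVENTORY):
        print(f"{host}\t{product}\t{version}")
```

Inventory tools may report version strings with extra build components, so normalize them to the vendor's numbering before comparing.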

Adobe August 2022 CVE Codes & Categories

| CVE number | Vulnerability Category | CVSS base score | Affected Product |
|---|---|---|---|
| CVE-2023-26395 | Out-of-bounds Write | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26396 | Violation of Secure Design Principles | 6.6 | Adobe Acrobat and Reader |
| CVE-2023-26397 | Out-of-bounds Read | 5.5 | Adobe Acrobat and Reader |
| CVE-2023-26405 | Improper Input Validation | 8.6 | Adobe Acrobat and Reader |
| CVE-2023-26406 | Improper Access Control | 8.6 | Adobe Acrobat and Reader |
| CVE-2023-26407 | Improper Input Validation | 8.6 | Adobe Acrobat and Reader |
| CVE-2023-26408 | Improper Access Control | 8.6 | Adobe Acrobat and Reader |
| CVE-2023-26417 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26418 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26419 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26420 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26421 | Integer Underflow (Wrap or Wraparound) | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26422 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26423 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26424 | Use After Free | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-26425 | Out-of-bounds Read | 7.8 | Adobe Acrobat and Reader |
| CVE-2023-21582 | Out-of-bounds Write | 7.8 | Adobe Digital Editions |
| CVE-2023-22235 | Use After Free | 7.8 | Adobe InCopy |
| CVE-2023-26388 | Access of Memory Location After End of Buffer | 7.8 | Substance 3D Stager |
| CVE-2023-26389 | Out-of-bounds Read | 7.8 | Substance 3D Stager |
| CVE-2023-26390 | Stack-based Buffer Overflow | 7.8 | Substance 3D Stager |
| CVE-2023-26391 | Out-of-bounds Read | 7.8 | Substance 3D Stager |
| CVE-2023-26392 | Use After Free | 7.8 | Substance 3D Stager |
| CVE-2023-26393 | Out-of-bounds Read | 7.8 | Substance 3D Stager |
| CVE-2023-26394 | Heap-based Buffer Overflow | 7.8 | Substance 3D Stager |
| CVE-2023-26383 | Stack-based Buffer Overflow | 7.8 | Substance 3D Stager |
| CVE-2023-26384 | Use After Free | 7.8 | Substance 3D Stager |
| CVE-2023-26385 | Out-of-bounds Read | 5.5 | Substance 3D Stager |
| CVE-2023-26386 | Access of Memory Location After End of Buffer | 5.5 | Substance 3D Stager |
| CVE-2023-26387 | Access of Uninitialized Pointer | 5.5 | Substance 3D Stager |
| CVE-2023-26402 | Out-of-bounds Read | 7.8 | Substance 3D Stager |
| CVE-2023-26403 | Out-of-bounds Read | 5.5 | Substance 3D Stager |
| CVE-2023-26398 | Out-of-bounds Read | 7.8 | Substance 3D Designer |
| CVE-2023-26409 | Out-of-bounds Read | 7.8 | Substance 3D Designer |
| CVE-2023-26410 | Use After Free | 7.8 | Substance 3D Designer |
| CVE-2023-26411 | Out-of-bounds Read | 7.8 | Substance 3D Designer |
| CVE-2023-26412 | Stack-based Buffer Overflow | 7.8 | Substance 3D Designer |
| CVE-2023-26413 | Heap-based Buffer Overflow | 7.8 | Substance 3D Designer |
| CVE-2023-26414 | Use After Free | 7.8 | Substance 3D Designer |
| CVE-2023-26415 | Use After Free | 7.8 | Substance 3D Designer |
| CVE-2023-26416 | Heap-based Buffer Overflow | 7.8 | Substance 3D Designer |
| CVE-2023-26372 | Out-of-bounds Write | 7.8 | Adobe Dimension |
| CVE-2023-26373 | Out-of-bounds Write | 7.8 | Adobe Dimension |
| CVE-2023-26374 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26375 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26376 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26377 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26378 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26379 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26380 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26381 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26382 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26400 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26401 | Out-of-bounds Read | 5.5 | Adobe Dimension |
| CVE-2023-26404 | Out-of-bounds Read | 7.8 | Adobe Dimension |
| CVE-2023-26371 | Out-of-bounds Read | 7.8 | Adobe Dimension |