ZDI-CAN-20359: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2023-29282

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 11 May 2023

Summary

A significant out-of-bounds write vulnerability exists in Adobe Substance 3D Painter versions 8.3.0 and earlier. This security issue allows malicious actors to execute arbitrary code in the context of the current user, but successful exploitation requires the user to open a specially crafted file. Users are advised to remain vigilant and avoid opening untrusted files to mitigate the risks associated with this flaw.

Affected Version(s)

Substance3D - Painter <= 8.3.0

Substance3D - Painter <= unspecified

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Apr 4, 2023