ZDI-CAN-20361: Adobe Substance 3D Painter USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-29283

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 11 May 2023

Summary

Adobe Substance 3D Painter versions 8.3.0 and earlier have a Heap-based Buffer Overflow vulnerability that may enable an attacker to execute arbitrary code within the context of the current user. This vulnerability requires user interaction, as the victim must open a specially crafted file to trigger the exploit. It is crucial for users of the affected versions to exercise caution regarding untrusted files and to stay informed on best practices for software security.

Affected Version(s)

Substance3D - Painter <= 8.3.0

Substance3D - Painter <= unspecified

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Apr 4, 2023