Out-of-Bounds Read Vulnerability in Substance3D Painter Could Lead to Sensitive Memory Disclosure
CVE-2024-20787

5.5MEDIUM

Key Information:

Vendor: Substance3D
Status: Substance 3d Painter
Vendor: CVE Published:; 9 October 2024

Summary

An out-of-bounds read vulnerability exists in Substance3D Painter, affecting versions 10.0.1 and earlier. This vulnerability can lead to the disclosure of sensitive memory information, which poses risks to users. An attacker might exploit this issue to bypass protections such as Address Space Layout Randomization (ASLR). Successful exploitation typically requires user interaction, specifically the opening of a specially crafted malicious file, which underscores the need for vigilance among users regarding the file types they access.

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2024