Out-of-Bounds Write Vulnerability in Substance3D Painter by Adobe
CVE-2024-47432

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance 3d Painter
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-47432?

Substance3D Painter, a product developed by Adobe, is affected by a vulnerability that allows for out-of-bounds write operations in its architecture. This issue exists in versions 10.1.0 and earlier, posing a risk for users who may unwittingly open compromised files. Successfully exploiting this vulnerability requires user interaction; thus, a user must open a malicious file. If exploited, it could lead to arbitrary code execution within the security context of the affected user, highlighting the importance of caution when handling potentially harmful files.

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024