Out-of-Bounds Read Vulnerability in Adobe Substance3D Painter
CVE-2024-47435

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Substance 3d Painter
Vendor: CVE Published:; 12 November 2024

Summary

Substance3D Painter versions 10.1.0 and earlier are susceptible to an out-of-bounds read vulnerability, potentially allowing attackers to disclose sensitive memory data. This issue arises when a user opens a crafted file, enabling the attacker to bypass security measures like Address Space Layout Randomization (ASLR). Vigilance is required as user interaction is necessary for exploitation, emphasizing the importance of caution when handling untrusted files.

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024