Out-of-Bounds Read Vulnerability in Substance3D Painter by Adobe
CVE-2024-47436

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Substance 3d Painter
Vendor: CVE Published:; 12 November 2024

Summary

Substance3D Painter, specifically versions 10.1.0 and earlier, is susceptible to an out-of-bounds read vulnerability. This flaw may enable attackers to disclose sensitive memory data by leveraging user interaction through malicious file handling. The vulnerability bypasses common mitigations such as Address Space Layout Randomization (ASLR), emphasizing the need for users to exercise caution when opening files from untrusted sources.

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024