Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-49522

7.8HIGH

Key Information:

Vendor: Adobe
Status: Substance3d - Painter
Vendor: CVE Published:; 5 November 2024

What is CVE-2024-49522?

Adobe Substance3D Painter versions 10.0.1 and earlier are impacted by an out-of-bounds write vulnerability, which can lead to arbitrary code execution when a malicious file is opened by the user. This flaw necessitates user interaction for exploitation, making it essential for users of the affected versions to assess the security measures surrounding file handling to mitigate risks associated with potential exploitation.

Affected Version(s)

Substance3D - Painter 0 <= 10.0.1

References

https://helpx.adobe.com/security/products/substance3d_pai...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 15, 2024