Substance3D Modeler vulnerable to Heap-based Buffer Overflow
CVE-2024-52999

7.8HIGH

Key Information:

Vendor: Substance3D
Status: Substance 3d Modeler
Vendor: CVE Published:; 10 December 2024

Summary

The Heap-based Buffer Overflow vulnerability in Substance3D Modeler versions 1.14.1 and earlier poses significant security concerns, enabling potential arbitrary code execution within the context of the current user. To exploit this vulnerability, an attacker must entice a user to open a specially crafted malicious file, leading to unauthorized access and control over affected systems. Users of these versions are advised to take precautions against such threats by avoiding untrusted files and applying relevant updates to mitigate risk.

References

https://helpx.adobe.com/security/products/substance3d-mod...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024