Out-of-Bounds Write Vulnerability Affects Substance3D Modeler
CVE-2024-53002

7.8HIGH

Key Information:

Vendor: Substance3D
Status: Substance 3d Modeler
Vendor: CVE Published:; 10 December 2024

Summary

An out-of-bounds write vulnerability exists in Adobe's Substance3D Modeler prior to version 1.14.1. This flaw can lead to arbitrary code execution, which poses a significant risk if an attacker persuades a user to open a specially crafted file. Successful exploitation of this vulnerability allows the attacker to execute unauthorized code within the context of the victim's session, making it critical for users to update to the latest version to mitigate potential risks. For further information, refer to the detailed advisory on Adobe's security page.

References

https://helpx.adobe.com/security/products/substance3d-mod...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database