Arbitrary Code Execution Vulnerability in Substance3D Modeler
CVE-2024-53003

7.8HIGH

Key Information:

Vendor: Substance3D
Status: Substance 3d Modeler
Vendor: CVE Published:; 10 December 2024

Summary

Substance3D Modeler is susceptible to an out-of-bounds write vulnerability that may allow an attacker to execute arbitrary code within the context of the affected user. This vulnerability particularly arises when a user opens a specially crafted malicious file, which triggers the flaw. The issue is linked to how the application handles memory, leading to potential exploitation if users interact with compromised files. It is crucial for users and administrators to be aware of this risk and ensure appropriate measures are taken to mitigate exposure to this vulnerability.

References

https://helpx.adobe.com/security/products/substance3d-mod...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database