Out-of-Bounds Read Vulnerability in Substance3D Modeler Could Lead to Memory Disclosure
CVE-2024-53005

5.5MEDIUM

Key Information:

Vendor: Substance3D
Status: Substance 3d Modeler
Vendor: CVE Published:; 10 December 2024

🔔 Create Substance3D Vulnerability Alert

What is CVE-2024-53005?

An out-of-bounds read vulnerability exists in Adobe Substance3D Modeler that affects versions 1.14.1 and earlier. This vulnerability can allow an attacker to disclose sensitive information from the application’s memory space. The exploitation of this vulnerability requires user interaction, specifically, a victim must open a specially crafted malicious file, which could potentially lead to bypassing memory protection mechanisms such as Address Space Layout Randomization (ASLR). This security issue underscores the importance of maintaining updated software and practicing caution when opening files from untrusted sources.

References

https://helpx.adobe.com/security/products/substance3d-mod...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024