Out-of-Bounds Read Vulnerability in Substance3D Modeler Could Lead to Memory Disclosure
CVE-2024-53005
5.5MEDIUM
Key Information:
- Vendor
- Substance3D
- Status
- Substance 3d Modeler
- Vendor
- CVE Published:
- 10 December 2024
Summary
An out-of-bounds read vulnerability exists in Adobe Substance3D Modeler that affects versions 1.14.1 and earlier. This vulnerability can allow an attacker to disclose sensitive information from the application’s memory space. The exploitation of this vulnerability requires user interaction, specifically, a victim must open a specially crafted malicious file, which could potentially lead to bypassing memory protection mechanisms such as Address Space Layout Randomization (ASLR). This security issue underscores the importance of maintaining updated software and practicing caution when opening files from untrusted sources.
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published