PT-2024-1764 · Adobe · Substance3D - Painter
Published
2024-02-13
·
Updated
2024-02-16
·
CVE-2024-20724
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Substance3D - Painter versions 9.1.1 and earlier
Description
The issue is related to an out-of-bounds read operation in memory. Exploitation of this issue could allow an attacker to disclose sensitive memory information. It may also enable bypassing certain security mitigations. The exploitation requires user interaction, such as opening a malicious file.
Recommendations
For Substance3D - Painter versions 9.1.1 and earlier, update to a version later than 9.1.1 to resolve the issue.
As a temporary workaround, consider avoiding the use of potentially malicious files with Substance3D - Painter until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Substance3D - Painter