CVE-2024-34115

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 2.1.4 and earlier

Description: The issue is related to an out-of-bounds write vulnerability in the SKP File Parser component of the Substance 3D Stager software. This vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file.

Recommendations: For versions 2.1.4 and earlier, update to a version later than 2.1.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the SKP File Parser component until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation.