CVE-2024-20787

Name of the Vulnerable Software and Affected Versions Substance3D - Painter versions 10.0.1 and earlier

Description The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, specifically that a victim must open a malicious file. This vulnerability may allow an attacker to gain unauthorized access to protected information.

Recommendations For Substance3D - Painter versions 10.0.1 and earlier, update to the latest patched version immediately to mitigate the threat. As a temporary workaround, consider avoiding the use of potentially malicious files until a patch is available. Restrict access to sensitive information and ensure that all users are aware of the potential risks associated with opening untrusted files.