CVE-2024-47437

Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 10.1.0 and earlier

Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. This vulnerability could be leveraged by an attacker to bypass mitigations such as ASLR. Exploitation requires user interaction, where a victim must open a malicious file, potentially allowing an attacker to gain unauthorized access to protected information.

Recommendations: For Substance3D - Painter versions 10.1.0 and earlier, as a temporary workaround, consider restricting the opening of files from untrusted sources until a patch is available. Avoid using the software to open malicious or unverified files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.