CVE-2024-53957

Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 10.1.1 and earlier

Description: The issue is caused by a heap-based buffer overflow in the dynamic memory of the Substance 3D Painter program. Exploitation of this issue could allow an attacker to execute arbitrary code in the context of the current user by using a specially crafted file. User interaction is required to exploit this issue, as the victim must open a malicious file.

Recommendations: For versions 10.1.1 and earlier, update to a version later than 10.1.1 to resolve the issue. As a temporary workaround, consider avoiding the use of files from untrusted sources to minimize the risk of exploitation.