CVE-2024-20742
Published Feb 15, 2024
Last updated 9 months ago
Overview
- Description
- Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- psirt@adobe.com
- CWE-125
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBEF83BE-DB69-4C92-AB39-9218EDAD3B06",
"versionEndIncluding": "9.1.1"
}
],
"operator": "OR"
}
]
}
]