cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49519,https://securityvulnerability.io/vulnerability/CVE-2024-49519,Substance3D - Painter | Out-of-bounds Write (CWE-787),"The vulnerability in Adobe Substance3D Painter is characterized by an out-of-bounds write issue that permits arbitrary code execution in the context of the user. This security flaw necessitates user action, as an attacker must convince the user to open a specially crafted malicious file. The exploitation of this vulnerability raises significant concerns for users, particularly those utilizing affected versions, as it could lead to unauthorized operations on their systems.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-49525,https://securityvulnerability.io/vulnerability/CVE-2024-49525,Substance3D - Painter | Heap-based Buffer Overflow (CWE-122),"Substance3D Painter, developed by Adobe, has been identified to have a Heap-based Buffer Overflow vulnerability in versions 10.1.0 and earlier. This flaw allows for potential arbitrary code execution within the context of the current user. Exploitation necessitates user interaction, specifically requiring the victim to open a malicious file. Given the nature of this vulnerability, it poses significant risks for users who handle unverified or suspicious files, urging the need for vigilance and prompt updates to the latest software versions.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-47427,https://securityvulnerability.io/vulnerability/CVE-2024-47427,Substance3D - Painter | Out-of-bounds Write (CWE-787),"Substance3D Painter versions 10.1.0 and earlier have an out-of-bounds write vulnerability that may allow an attacker to execute arbitrary code within the context of the current user. Successful exploitation of this vulnerability necessitates that the user opens a specially crafted malicious file, thus emphasizing the importance of user awareness and file source verification to mitigate potential risks.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-47426,https://securityvulnerability.io/vulnerability/CVE-2024-47426,Substance3D - Painter | Double Free (CWE-415),"Substance3D - Painter versions 10.1.0 and earlier are susceptible to a double free vulnerability, allowing attackers to execute arbitrary code within the context of the current user. Exploitation of this vulnerability necessitates user interaction, whereby the affected user must open a specially crafted malicious file. This flaw emphasizes the need for vigilance and secure file handling practices to prevent potential security breaches.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-49522,https://securityvulnerability.io/vulnerability/CVE-2024-49522,Substance3D - Painter | Out-of-bounds Write (CWE-787),"Adobe Substance3D Painter versions 10.0.1 and earlier are impacted by an out-of-bounds write vulnerability, which can lead to arbitrary code execution when a malicious file is opened by the user. This flaw necessitates user interaction for exploitation, making it essential for users of the affected versions to assess the security measures surrounding file handling to mitigate risks associated with potential exploitation.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-11-05T16:59:00.189Z,0
CVE-2024-30307,https://securityvulnerability.io/vulnerability/CVE-2024-30307,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"Adobe Substance3D Painter versions 9.1.2 and earlier are susceptible to an out-of-bounds write vulnerability that allows for arbitrary code execution in the context of the current user. This vulnerability requires user interaction, as exploitation involves opening a specially crafted malicious file. Users of affected versions should exercise caution and ensure that their copies of Substance3D Painter are updated to mitigate potential risks.",Adobe,Substance3d - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-16T08:25:56.372Z,0
CVE-2024-30308,https://securityvulnerability.io/vulnerability/CVE-2024-30308,Substance3D Painter Vulnerability Could Lead to Disclosure of Sensitive Memory,Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3d - Painter,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-16T08:25:55.591Z,0
CVE-2024-30274,https://securityvulnerability.io/vulnerability/CVE-2024-30274,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"Substance3D Painter versions 9.1.2 and earlier are susceptible to an out-of-bounds write vulnerability that could allow an attacker to execute arbitrary code on the affected system. This issue arises when a victim interacts with a malicious file, which could lead to the execution of harmful operations in the context of the current user. User awareness and incident response strategies are essential to mitigate the risks associated with this vulnerability.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-05-16T08:25:54.843Z,0
CVE-2024-30309,https://securityvulnerability.io/vulnerability/CVE-2024-30309,Substance3D Painter Vulnerability Could Lead to Disclosure of Sensitive Memory,Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3d - Painter,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-05-16T08:25:54.090Z,0
CVE-2024-20744,https://securityvulnerability.io/vulnerability/CVE-2024-20744,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"An out-of-bounds write vulnerability exists in Adobe Substance3D Painter versions 9.1.1 and earlier. This flaw can lead to arbitrary code execution within the context of the current user, posing significant security risks. Successful exploitation necessitates user interaction, as the victim must open a specially crafted malicious file. Users of affected versions are encouraged to implement the latest security updates and to exercise caution when handling untrusted files.",Adobe,Substance3d - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:21.659Z,0
CVE-2024-20724,https://securityvulnerability.io/vulnerability/CVE-2024-20724,Painter Vulnerability Could Lead to Disclosure of Sensitive Memory,Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3d - Painter,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:20.882Z,0
CVE-2024-20743,https://securityvulnerability.io/vulnerability/CVE-2024-20743,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"Adobe Substance3D Painter versions 9.1.1 and earlier are impacted by an out-of-bounds write vulnerability that poses a risk of arbitrary code execution within the current user's environment. This vulnerability necessitates user interaction, as it can only be exploited when a user opens a specially crafted malicious file. Vigilance in file handling and timely software updates are essential to mitigate this risk and enhance cybersecurity.",Adobe,Substance3d - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:20.081Z,0
CVE-2024-20722,https://securityvulnerability.io/vulnerability/CVE-2024-20722,Painter Vulnerability Could Lead to Disclosure of Sensitive Memory,Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3D - Painter,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:19.267Z,0
CVE-2024-20740,https://securityvulnerability.io/vulnerability/CVE-2024-20740,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"An out-of-bounds write vulnerability has been identified in Adobe Substance3D Painter versions 9.1.1 and earlier, potentially leading to arbitrary code execution within the context of the current user. Exploitation of this vulnerability necessitates user interaction, as the victim must open a specifically crafted malicious file. This highlights the importance of cautious file handling practices and maintaining updated software versions to mitigate risks associated with such vulnerabilities.",Adobe,Substance3D - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:18.489Z,0
CVE-2024-20742,https://securityvulnerability.io/vulnerability/CVE-2024-20742,Out-of-Bounds Read Vulnerability in Substance3D Painter Could Lead to Code Execution,"Substance3D Painter versions 9.1.1 and earlier are susceptible to an out-of-bounds read vulnerability when processing specially crafted files. This vulnerability allows attackers to potentially read past the end of allocated memory structures, creating opportunities for code execution within the context of the affected user's session. Exploitation of this vulnerability necessitates user interaction, as it requires the victim to open a crafted malicious file. Users should exercise caution when handling files from unknown sources to mitigate potential security risks.",Adobe,Substance3D - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:17.695Z,0
CVE-2024-20741,https://securityvulnerability.io/vulnerability/CVE-2024-20741,Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft,"The vulnerability in Adobe's Substance3D Painter, specifically in versions 9.1.1 and earlier, introduces a write-what-where condition. This flaw can be exploited to execute arbitrary code within the context of the current user session. The exploitation process requires user engagement, as it involves opening a specially crafted malicious file. As a result, users should exercise caution when handling unknown or untrusted files to mitigate potential risks associated with this vulnerability.",Adobe,Substance3d - Painter,7.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:16.875Z,0
CVE-2024-20723,https://securityvulnerability.io/vulnerability/CVE-2024-20723,Buffer Overflow Vulnerability Affects Substance3D Painter Versions 9.1.1 and Earlier,"Substance3D Painter, developed by Adobe, is impacted by a buffer overflow vulnerability that allows for potential arbitrary code execution within the context of the current user. This vulnerability affects versions 9.1.1 and prior, necessitating user interaction for exploitation to occur. Affected users must open a specially crafted malicious file to trigger this security risk, thus highlighting the importance of cautious file handling and security hygiene.",Adobe,Substance3d - Painter,7.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-02-15T10:12:15.995Z,0
CVE-2024-20725,https://securityvulnerability.io/vulnerability/CVE-2024-20725,Painter Vulnerability Could Lead to Disclosure of Sensitive Memory,Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3D - Painter,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-02-15T10:12:15.196Z,0
CVE-2023-29280,https://securityvulnerability.io/vulnerability/CVE-2023-29280,ZDI-CAN-20372: Adobe Substance 3D Painter PLY File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,"Adobe Substance 3D Painter versions 8.3.0 and earlier contain an out-of-bounds read vulnerability triggered when parsing specially crafted files. This flaw may allow attackers to read past allocated memory, potentially enabling code execution within the context of the user. Notably, successful exploitation necessitates user interaction, as a targeted victim must open the crafted malicious file to activate the vulnerability.",Adobe,Substance3D - Painter,7.8,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29279,https://securityvulnerability.io/vulnerability/CVE-2023-29279,ZDI-CAN-20368: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3D - Painter,5.5,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29278,https://securityvulnerability.io/vulnerability/CVE-2023-29278,ZDI-CAN-20371: Adobe Substance 3D Painter GLTF File Parsing Uninitialized Variable Information Disclosure Vulnerability,"Adobe Substance 3D Painter versions 8.3.0 and earlier are susceptible to an Access of Uninitialized Pointer vulnerability. This issue can lead to arbitrary code execution within the context of the current user. Successful exploitation necessitates user interaction, as a user must open a specially-crafted malicious file. Users are advised to avoid opening unknown files and to ensure their software is up to date to mitigate potential risks. For further details, visit the Adobe security advisory.",Adobe,Substance3D - Painter,7.8,HIGH,0.002940000034868717,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29277,https://securityvulnerability.io/vulnerability/CVE-2023-29277,ZDI-CAN-20370: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability,Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.,Adobe,Substance3D - Painter,5.5,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29276,https://securityvulnerability.io/vulnerability/CVE-2023-29276,ZDI-CAN-20362: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability,"Adobe Substance 3D Painter versions up to 8.3.0 are susceptible to an out-of-bounds write vulnerability that can enable arbitrary code execution within the current user's context. This security flaw necessitates user interaction, as an attacker must trick a victim into opening a specially crafted malicious file, thereby triggering the exploit.",Adobe,Substance3D - Painter,7.8,HIGH,0.0012799999676644802,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29275,https://securityvulnerability.io/vulnerability/CVE-2023-29275,ZDI-CAN-20363: Adobe Substance 3D Painter USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability,"Adobe Substance 3D Painter versions 8.3.0 and earlier are vulnerable to an out-of-bounds read issue when processing specially crafted files. This flaw could allow an attacker to read beyond allocated memory structures, potentially facilitating code execution in the context of the current user. Exploitation of this vulnerability necessitates user interaction, as it requires the target to open a malicious file.",Adobe,Substance3D - Painter,7.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0
CVE-2023-29284,https://securityvulnerability.io/vulnerability/CVE-2023-29284,ZDI-CAN-20365: Adobe Substance 3D Painter USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability,"Adobe Substance 3D Painter versions 8.3.0 and earlier contain a stack-based buffer overflow vulnerability, potentially allowing an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, the targeted user must open a specially crafted malicious file. This poses a significant risk to users who interact with untrusted files, making it crucial to apply security updates promptly. Refer to the official Adobe advisory for further details and remediation steps.",Adobe,Substance3D - Painter,7.8,HIGH,0.05073999986052513,false,,false,false,false,,,false,false,,2023-05-11T00:00:00.000Z,0