The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data outside the buffer in memory, allows a hacker to execute arbitrary code.

🗓️ 25 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Adobe Substance 3D Designer vulnerability enables code execution via out-of-bounds memory reads with a crafted universal scene description file.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-26409	14 Apr 202300:25	–	circl
CNNVD	Adobe Substance 3D Designer 缓冲区错误漏洞	13 Apr 202300:00	–	cnnvd
CVE	CVE-2023-26409	13 Apr 202300:00	–	cve
Cvelist	CVE-2023-26409 ZDI-CAN-20313: Adobe Substance 3D Designer USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	13 Apr 202300:00	–	cvelist
EUVD	EUVD-2023-30229	3 Oct 202520:07	–	euvd
NVD	CVE-2023-26409	13 Apr 202320:15	–	nvd
OSV	CVE-2023-26409	13 Apr 202320:15	–	osv
Prion	Design/Logic Flaw	13 Apr 202320:15	–	prion
Positive Technologies	PT-2023-6364 · Adobe · Substance3D - Designer	11 Apr 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-26409 ZDI-CAN-20313: Adobe Substance 3D Designer USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	13 Apr 202300:00	–	vulnrichment

Vulners

Node

adobe_systems adobe_substance_3d_designerRange≤12.4.0

Source	Link
helpx	www.helpx.adobe.com/security/products/substance3d_designer/apsb23-28.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-405/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023041337
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-405/

25 Oct 2023 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 27.2

CVSS 37.8

EPSS0.00097

arbitrary code execution memory corruption buffer overread universal scene description substance designer