The vulnerability of the Substance 3D Stager software lies in its reliance on memory after it is freed, allowing an attacker to execute arbitrary code.

🗓️ 16 Oct 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Substance 3D Stager has a use-after-free vulnerability enabling code execution during SKP analysis.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-45138	8 Oct 202405:00	–	circl
CNNVD	Adobe Substance 3D Stager 资源管理错误漏洞	9 Oct 202400:00	–	cnnvd
CVE	CVE-2024-45138	9 Oct 202413:28	–	cve
Cvelist	CVE-2024-45138 Substance3D - Stager \| Use After Free (CWE-416)	9 Oct 202413:28	–	cvelist
EUVD	EUVD-2024-41322	3 Oct 202520:07	–	euvd
Tenable Nessus	Adobe Substance 3D Sampler 3.0.4 Multiple Vulnerabilities (apsb24-81)	11 Oct 202400:00	–	nessus
NVD	CVE-2024-45138	9 Oct 202414:15	–	nvd
OSV	CVE-2024-45138	9 Oct 202414:15	–	osv
Positive Technologies	PT-2024-6874 · Adobe · Substance3D - Stager	1 May 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-45138 Substance3D - Stager \| Use After Free (CWE-416)	9 Oct 202413:28	–	vulnrichment

Vulners

Node

adobe_systems substance_3d_stagerRange<3.0.4

Source	Link
helpx	www.helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-24056/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1331/

16 Oct 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.2

CVSS 37.8

EPSS0.0019

Substance 3D Stager use after free arbitrary code execution SKP analysis