43 matches found
CVE-2023-21618
Adobe Substance 3D Designer (Windows/macOS) versions 12.4.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability in SBS file parsing, leading to arbitrary code execution in the current user context. Exploitation requires user interaction (opening a malicious SBS file); no ...
CVE-2024-30281
CVE-2024-30281 affects Substance3D Designer
CVE-2023-26409
Adobe Substance 3D Designer 12.4.0 and earlier is affected by an out-of-bounds read while parsing a crafted file, potentially allowing code execution in the user’s context. Exploitation requires user interaction (victim must open a malicious file). Multiple connected sources corroborate the vulne...
CVE-2023-26410
CVE-2023-26410 affects Adobe Substance 3D Designer (version 12.4.0 and earlier). The issue is a Use-After-Free in USD file parsing that could lead to arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim must open a malicious file). Public sources ...
CVE-2023-26415
Affected product: Adobe Substance 3D DesignerVulnerability: Out-of-bounds write in DAE file parsing could enable arbitrary code execution in the context of the current user.Attack surface / impact: Requires user interaction; victim must open a malicious file to trigger the issue (high impact, loc...
CVE-2025-21137
Affected product : Substance3D Designer. Vulnerable versions : 14.0 and earlier. Issue type / root cause : Heap-based buffer overflow in Substance3D Designer can lead to arbitrary code execution in the context of the current user. Attack vector / prerequisites : Exploitation requires user interac...
CVE-2023-26414
Adobe Substance 3D Designer (Windows/macOS) versions 12.4.0 and earlier are affected by a Use-After-Free vulnerability in USD file parsing that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (open a malicious file). The issue has been ad...
CVE-2025-21136
Adobe Substance 3D Designer (versions 14.0 and earlier) is affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The advisory APSB25-06 indicates remediation by ...
CVE-2025-21161
CVE-2025-21161 affects Adobe Substance 3D Designer prior to version 14.0.2 via an out-of-bounds write, allowing arbitrary code execution in the current user context and requiring user interaction (open a malicious file). The issue is detailed across multiple sources (NVD/NVD-derived records and R...
CVE-2023-26412
CVE-2023-26412 affects Adobe Substance 3D Designer up to version 12.4.0. The root cause is a stack‑based buffer overflow in USDA file parsing, where input length was not properly validated, allowing arbitrary code execution in the context of the current user. Exploitation requires user interactio...
CVE-2023-26413
Adobe Substance 3D Designer is affected by a heap-based buffer overflow in USD file parsing for versions 12.4.0 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (e.g., opening a malicious file). The issue is documented acros...
CVE-2024-20750
CVE-2024-20750 affects Adobe Substance 3D Designer, specifically versions 13.1.0 and earlier. The vulnerability is an out-of-bounds read during parsing of a crafted file, which could cause a read past the end of an allocated memory structure and allow code execution in the context of the current ...
CVE-2025-21169
Adobe Substance 3D Designer versions 14.1 and earlier are affected by a heap-based buffer overflow vulnerability that could allow arbitrary code execution under the current user context. Exploitation requires user interaction (the victim must open a malicious file). This CVE is CVE-2025-21169; a ...
CVE-2023-26416
Adobe Substance 3D Designer
CVE-2025-21139
CVE-2025-21139 affects Adobe Substance 3D Designer versions 14.0 and earlier. A Heap-based Buffer Overflow could allow arbitrary code execution in the context of the current user when a victim opens a specially crafted file, with user interaction required. The vulnerability is documented across m...
CVE-2025-27172
Substance 3D Designer (Adobe)
CVE-2023-26398
Adobe Substance 3D Designer vulnerability CVE-2023-26398 arises from an out-of-bounds read when parsing a crafted USDC/related file, allowing code execution in the context of the current user. The issue affects Substance 3D Designer version 12.4.0 and earlier and requires user interaction (victim...
CVE-2024-41864
CVE-2024-41864 affects Substance3D Designer
CVE-2025-21138
CVE-2025-21138 affects Substance3D Designer 14.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). A patch is available: update to a v...
CVE-2023-26411
Adobe Substance 3D Designer 12.4.0 and earlier are affected by an out-of-bounds read when parsing a crafted file, allowing code execution in the attacker’s context if a user opens the malicious file. The issue originates from parsing the input (file) and may be triggered by crafted content, with ...
CVE-2023-48639
CVE-2023-48639 – Adobe Substance 3D Designer is affected by an out-of-bounds write vulnerability in versions 13.0.0 and earlier and 13.1.0 and earlier. The flaw could allow arbitrary code execution in the context of the current user, with exploitation requiring user interaction (the user must ope...
CVE-2023-48637
CVE-2023-48637 affects Adobe Substance 3D Designer versions 13.0.0 and earlier and 13.1.0 and earlier. The issue is an out-of-bounds read in the software that can disclose sensitive memory and, per the entry, could bypass mitigations such as ASLR; exploitation requires a user to open a malicious ...
CVE-2023-48636
Summary: Adobe Substance 3D Designer is affected by an out-of-bounds read in versions 13.0.0 and earlier and 13.1.0 and earlier, potentially leading to disclosure of sensitive memory and bypassing mitigations such as ASLR. Exploitation requires a user to open a malicious file. Connected sources c...
CVE-2023-48638
Adobe Substance 3D Designer is affected by an out-of-bounds read vulnerability in 13.0.0 and earlier and 13.1.0 and earlier, which could disclose sensitive memory and bypass ASLR. exploitation requires user interaction (victim opens a malicious file). Affected component: Substance 3D Designer (de...
CVE-2025-21166
CVE-2025-21166 affects Substance3D Designer, version 14.1 and earlier. The issue is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Documented impact is hi...
CVE-2025-21168
CVE-2025-21168 affects Substance3D Designer (versions 14.1 and earlier). The root cause is an out-of-bounds read in the product, which could disclose sensitive memory and potentially bypass ASLR. Exploitation requires user interaction: a victim must open a malicious file. Affected software is Sub...
CVE-2025-21167
CVE-2025-21167 affects Substance3D Designer ≤ 14.1. It is an out-of-bounds read vulnerability that can disclose memory contents and potentially bypass ASLR. Exploitation requires user interaction: a victim must open a malicious file. Affected component/impact: memory disclosure with high confiden...
CVE-2025-21164
CVE-2025-21164 affects Substance3D Designer, versions 14.1 and earlier. The issue is an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user, and exploitation requires the victim to open a malicious file. Remediation from the connected PT sec...
CVE-2026-34664
CVE-2026-34664 affects Substance3D Designer up to v15.1.0. The issue is an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that could permit arbitrary file system reads outside the intended scope. Exploitation requires user interaction: a victim must open a malicious ...
CVE-2026-21334
Substance3D Designer, versions 15.1.0 and earlier, are affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the caller's context. The issue requires user interaction: a victim must open a malicious file for exploitation. The CVSS vector provided indicates ...
CVE-2025-21165
Substance3D Designer (v14.1 and earlier) is affected by an out-of-bounds write vulnerability (CWE-787) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The issue is fixed by updating to a ver...
CVE-2026-21308
CVE-2026-21308 affects Substance3D Designer versions 15.0.3 and earlier (per Red Hat and NVD entries) with an Out-of-bounds Read that could expose memory. The issue allows memory disclosure and requires user interaction: a victim must open a malicious file. Multiple connected advisories reference...
CVE-2026-21339
CVE-2026-21339 affects Substance3D Designer up to v15.1.0. The issue is an out-of-bounds read that can disclose memory contents. Exploitation requires user interaction: a victim must open a malicious file; attack vector is local with UI required, confidentiality impact HIGH, other impacts none. D...
CVE-2026-34682
CVE-2026-34682 affects Substance3D Designer
CVE-2026-34683
CVE-2026-34683 affects Substance3D Designer up to version 15.1.0. The issue is an out-of-bounds write (CWE-787) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The connected documents provid...
CVE-2026-21307
CVE-2026-21307 affects Substance3D Designer up to version 15.0.3 with an out-of-bounds write vulnerability in a user context. The flaw could allow arbitrary code execution, and exploitation requires the victim to open a malicious file (user interaction). These details are supported by multiple co...
CVE-2026-21336
Substance3D Designer prior to v15.1.0 is affected by a NULL pointer dereference that can cause a denial-of-service when a user opens a malicious file. The CVSSv3.1 base score is 5.5 (Medium) with LOCAL attack vector, LOW attack complexity, no privileges required, but USER INTERACTION is required ...
CVE-2026-21338
Substance3D Designer, versions 15.1.0 and earlier, is affected by a NULL pointer dereference that can cause an application denial-of-service. The issue occurs when a user opens a malicious file, requiring user interaction and resulting in a crash. Exploitation details are not provided beyond the ...
CVE-2026-21340
CVE-2026-21340 affects Substance3D Designer 15.1.0 and earlier. It is an out-of-bounds read that could lead to memory exposure and disclosure of sensitive information. Exploitation requires user interaction and local access: a victim must open a malicious file. Vulnerable component: Substance3D D...
CVE-2026-34681
CVE-2026-34681 affects Substance3D Designer up to version 15.1.0. The issue is an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction; a victim must open a malicious file. No remediation details are p...
CVE-2026-34684
Substance3D Designer before or equal to v15.1.0 is affected by an out-of-bounds write (CWE-787) that can lead to arbitrary code execution in the current user context. The vulnerability arises from an out-of-bounds write condition and requires user interaction (the victim must open a malicious fil...
CVE-2026-21335
CVE-2026-21335 affects Substance3D Designer up to version 15.1.0. The issue is an out-of-bounds write in the affected software that could lead to arbitrary code execution under the context of the current user. Exploitation, if any, requires the user to open a malicious file, indicating a user int...
CVE-2026-21337
Substance3D Designer (Version 15.1.0 and earlier) contains an Out-of-bounds Read that can expose memory. The vulnerability affects the software component handling file parsing, enabling a crafted file to access sensitive data in memory. Exploitation requires user interaction: a victim must open a...