39 matches found
CVE-2024-53005
CVE-2024-53005 affects Substance3D Modeler up to version 1.14.1. Issue: out-of-bounds read that could disclose memory and bypass mitigations such as ASLR. Exploitation requires user interaction (victim must open a malicious file). Affected component: Substance3D Modeler (modeling tool). Root caus...
CVE-2024-53002
Substance3D Modeler 1.14.1 and earlier are affected by an out-of-bounds write (heap-based) vulnerability that could allow arbitrary code execution in the context of the current user when a user opens a malicious file. Exploitation requires user interaction, i.e., the victim must open a crafted fi...
CVE-2024-53004
CVE-2024-53004 affects Substance3D Modeler up to version 1.14.1. The issue is an out-of-bounds read in Modeler’s handling of vulnerability-triggering input, which could disclose sensitive memory and bypass mitigations like ASLR. Exploitation requires user interaction: a victim must open a malicio...
CVE-2025-21170
CVE-2025-21170 affects Substance3D Modeler ≤ 1.15.0. The issue is a NULL Pointer Dereference that could crash the application, yielding a denial-of-service condition. Exploitation requires the user to open a malicious file (user interaction). Related advisories (APSB25-21) note updates addressing...
CVE-2024-52999
Substance3D Modeler, version 1.14.1 and earlier, is affected by a heap-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The vulnerability is documented as CVE-2024-52999. Public d...
CVE-2024-53006
CVE-2024-53006 affects Substance3D Modeler 1.14.1 and earlier. The issue is a NULL pointer dereference in a component used by the modeler, leading to an application crash and denial of service. Exploitation requires user interaction: a victim must open a malicious file. Connected sources indicate...
CVE-2024-53003
CVE-2024-53003 affects Substance3D Modeler 1.14.1 and earlier. The issue is an out-of-bounds write in the Modeler component that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Connected sources ...
CVE-2024-53000
CVE-2024-53000 affects Substance3D Modeler ≤ 1.14.1. The issue is an out-of-bounds write that can lead to arbitrary code execution in the context of the current user, with exploitation requiring the victim to open a malicious file. Multiple connected sources (PT-2024-9948, CNVD-2025-00377, NVD en...
CVE-2024-53001
Summary (CVE-2024-53001): Substance3D Modeler, versions 1.14.1 and earlier, contains an out-of-bounds write vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction via opening a malicious file (local attack vector). The i...
CVE-2025-27173
CVE-2025-27173 affects Substance3D Modeler up to version 1.15.0 (and earlier). It is a heap-based buffer overflow vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Connected ad...
CVE-2025-27181
CVE-2025-27181 affects Substance3D Modeler 1.15.0 and earlier, with a Use After Free vulnerability that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Related documents corroborate the vulnerability class...
CVE-2025-27180
substance3d - modeler vulnerable by out-of-bounds read in versions
CVE-2024-52833
CVE-2024-52833 affects Adobe Substance3D Modeler, version 1.14.1 and earlier. The root cause is a NULL pointer dereference that can crash the application, causing a denial-of-service. Exploitation requires user interaction (victim opens a malicious file). No exploitation details are provided in t...
CVE-2025-43553
Adobe Substance 3D Modeler v1.21.0 and earlier is affected by an Uncontrolled Search Path Element (CWE-427) that could lead to arbitrary code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). Remediation: update to v1.22.0 or later per APSB25-51; ...
CVE-2025-43554
Substance3D Modeler (Adobe) is affected by an out-of-bounds write vulnerability (CWE-787) in versions 1.21.0 and earlier, as documented across CVE-2025-43554 entries. The issue could allow arbitrary code execution in the context of the current user and requires user interaction (the victim must o...
CVE-2026-21348
CVE-2026-21348 affects Substance3D Modeler
CVE-2025-54197
Adobe Substance3D Modeler (versions 1.22.0 and earlier) is affected by CVE-2025-54197, an out-of-bounds read that could disclose memory. Exploitation requires the user to open a malicious file; the CVSSv3.1 vector indicates Local/Low exploitability with User Interaction required, Confidentiality ...
CVE-2025-54200
CVE-2025-54200 affects Substance3D Modeler (versions 1.22.0 and earlier). It is an out-of-bounds read vulnerability that could disclose sensitive memory. Exploitation requires that a user opens a malicious file, i.e., user interaction. Connected sources corroborate this issue and link to the Adob...
CVE-2026-21299
CVE-2026-21299 affects Substance3D Modeler 1.22.4 and earlier, due to an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). A security update is available (APSB26-08) a...
CVE-2025-54204
Adobe Substance3D Modeler up to version 1.22.0 is affected by an out-of-bounds read (CWE-125) that could disclose sensitive memory. Exploitation requires the user to open a malicious file, per CVE-2025-54204 and multiple notices. The issue affects Substance3D Modeler 1.22.0 and earlier; no explic...
CVE-2025-49571
Adobe Substance3D Modeler
CVE-2025-49573
Affected software/versions: Substance3D Modeler
CVE-2025-54199
Substance3D Modeler (versions
CVE-2025-54201
CVE-2025-54201 affects Adobe Substance 3D Modeler (versions 1.22.0 and earlier). The issue is an out-of-bounds read that could disclose sensitive memory. Exploitation requires a user to open a malicious file. A mitigation is to apply the vendor update (Adobe APSB25-76) or newer releases; the advi...
CVE-2025-54203
CVE-2025-54203 affects Substance3D Modeler
CVE-2025-49572
CVE-2025-49572 affects Substance3D Modeler 1.22.0 and earlier. The issue is an out-of-bounds write (CWE-787) that can enable arbitrary code execution in the current user context when a victim opens a malicious file. Public disclosures across NVD/Red Hat/CVE catalogs corroborate the vulnerability ...
CVE-2025-54258
CVE-2025-54258 affects Adobe Substance3D Modeler up to version 1.22.2. The issue is a Use After Free in a component handling crafted files, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Affected product/v...
CVE-2026-21300
CVE-2026-21300 affects Substance3D Modeler v1.22.4 and earlier, where a NULL pointer dereference could cause an application denial-of-service. The vulnerability requires user interaction: a victim must open a malicious file. Multiple connected sources confirm the issue and its impact; advisories ...
CVE-2025-54259
Product: Adobe Substance 3D Modeler. Affected: versions 1.22.2 and earlier. Vulnerability: Integer Overflow or Wraparound (CVE-2025-54259) in parsing/opening crafted files, enabling arbitrary code execution in the user’s context. Exploit requires user interaction (open malicious file). Impact: hi...
CVE-2025-54202
CVE-2025-54202 affects Adobe Substance3D Modeler up to version 1.22.0 and earlier, with an out-of-bounds read that could disclose memory contents. Exploitation requires the user to open a malicious file (user interaction), and CVSSv3.1 base score is 5.5 (Medium). Connected sources corroborate thi...
CVE-2025-54235
CVE-2025-54235 affects Adobe Substance3D Modeler 1.22.0 and earlier, with an out-of-bounds read that could disclose sensitive memory. Exploitation requires the user to open a malicious file. The issue is documented across multiple feeds, and an Adobe APSB25-76 update is available addressing this ...
CVE-2025-54260
CVE-2025-54260 affects Adobe Substance3D Modeler up to version 1.22.2. The vulnerability is an out-of-bounds read that can occur while parsing a crafted file, potentially allowing code execution in the user’s context. Exploitation requires user interaction (victim opens a malicious file). The iss...
CVE-2026-21302
CVE-2026-21302 concerns Adobe Substance3D Modeler, affected in versions up to 1.22.4. It is an Out-of-bounds Read that can cause memory exposure and potential information disclosure. Exploitation requires a user to open a malicious file. Red Hat and other sources corroborate the memory-exposure i...
CVE-2026-21298
CVE-2026-21298 affects Adobe Substance 3D Modeler prior to 1.22.5. The vulnerability is an out-of-bounds write in Substance3D Modeler (version 1.22.4 and earlier) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open...
CVE-2026-21301
CVE-2026-21301 affects Substance3D Modeler
CVE-2025-54186
Substance3D Modeler, up to version 1.22.0 and earlier, is affected by an out-of-bounds read vulnerability that could disclose sensitive memory. Exploitation requires user interaction (the victim must open a malicious file). Affected product/versions are confirmed in multiple sources; remediation ...
CVE-2025-54198
Summary: CVE-2025-54198 affects Adobe Substance3D Modeler. Affected versions: Substance3D Modeler 1.22.0 and earlier. Vulnerability and impact: an out-of-bounds read could disclose sensitive memory; exploitation requires the victim to open a malicious file (user interaction). CVSS shows Local att...
CVE-2025-54276
CVE-2025-54276 affects Substance3D Modeler 1.22.3 and earlier. The issue is an out-of-bounds read when parsing a crafted file, which could allow code execution in the current user context. Exploitation requires user interaction (a victim must open a malicious file). Connected sources confirm affe...
CVE-2026-21303
Substance3D Modeler v1.22.4 and earlier are affected by an Out-of-bounds Read (CWE-125) that could disclose memory contents. Exploitation requires a user to open a malicious file, potentially leading to memory disclosure. Adobe APSB26-08 notes a fixed update to 1.22.5; apply the security update t...