78 matches found
CVE-2023-29273
Adobe Substance 3D Painter 8.3.0 and earlier is affected by an out-of-bounds read during parsing of USDC/file data, which could allow code execution in the context of the current user. The vulnerability requires user interaction (opening a malicious file or visiting a page) and is associated with...
CVE-2023-29286
Adobe Substance 3D Painter
CVE-2024-30308
CVE-2024-30308 affects Substance3D Painter up to version 9.1.2. The issue is an out-of-bounds read in PSD/file parsing that could disclose sensitive memory and enable bypassing ASLR. Exploitation requires user interaction (victim opens a malicious file). Public sources indicate a fix via Adobe AP...
CVE-2024-30307
Substance3D Painter
CVE-2024-30309
CVE-2024-30309 affects Substance3D Painter, specifically versions ≤ 9.1.2. The issue is an out-of-bounds read in the TGA file parsing path that can disclose sensitive memory and could bypass ASLR. Exploitation requires the victim to open a malicious file (user interaction). Remediation is to upda...
CVE-2024-30274
CVE-2024-30274 affects Adobe Substance 3D Painter up to version 9.1.2. It is an out-of-bounds write in ABC file parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected software: S...
CVE-2023-29281
Adobe Substance 3D Painter is affected in versions 8.3.0 and earlier by an out-of-bounds read while parsing crafted USD files, potentially allowing code execution in the current user’s context. Exploitation requires user interaction (victim opens a malicious file). The issue is confirmed across m...
CVE-2024-47426
CVE-2024-47426 affects Substance3D Painter
CVE-2023-29278
CVE-2023-29278 affects Adobe Substance 3D Painter up to version 8.3.0. It is an uninitialized pointer access vulnerability that can lead to arbitrary code execution in the current user context. Exploitation requires user interaction: a victim must open a malicious file. The issue is documented ac...
CVE-2024-20723
Summary (CVE-2024-20723) : Adobe Substance 3D Painter
CVE-2024-47438
Summary: CVE-2024-47438 affects Substance3D Painter (v10.1.0 and earlier). The issue is a Write-what-where condition leading to a memory leak and potential disclosure of memory content. Exploitation requires user interaction (victim opens a malicious file) and is described with a local attack vec...
CVE-2023-29284
Adobe Substance 3D Painter
CVE-2024-47433
Substance3D Painter ≤ 10.1.0 is affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user, requiring the victim to open a malicious file. Mitigation: apply Adobe APSB24-86 update to 10.1.1 or later. Affected platforms/versions exact ...
CVE-2024-53957
Substance3D Painter 10.1.1 and earlier are affected by a Heap-based Buffer Overflow that could allow arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim opens a malicious file). The vulnerability is documented as CVE-2024-53957. Affect...
CVE-2023-29280
Adobe Substance 3D Painter (versions 8.3.0 and earlier) is affected by an out-of-bounds read in PLY/file parsing that could yield code execution in the current user context. Exploitation requires user interaction (open a malicious file). A vendor security update APSB23-29 addresses critical/impor...
CVE-2024-20742
CVE-2024-20742 affects Adobe Substance 3D Painter up to version 9.1.1. The issue is an out-of-bounds read during parsing of a crafted file, potentially allowing code execution in the caller’s context. Exploitation requires user interaction, as a victim must open a malicious file. Multiple sources...
CVE-2025-24451
CVE-2025-24451 (Substance3D Painter) affects Substance3D Painter 10.1.2 and earlier. It is an out-of-bounds write vulnerability (CWE-787) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. ...
CVE-2023-29276
Affected product: Adobe Substance 3D Painter (versions 8.3.0 and earlier). Vulnerability: an out-of-bounds write in USD file parsing that can lead to arbitrary code execution in the current user’s context. Root cause: failure to validate user-supplied USD data during parsing. Exploit context: rem...
CVE-2024-47440
Substance3D Painter 10.1.0 and earlier are affected by an out-of-bounds read (CWE-125) that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected product: Adobe Substance 3D Painter; vulnerability is addressed by the vendor in the ...
CVE-2023-29282
Adobe Substance 3D Painter
CVE-2023-29285
Adobe Substance 3D Painter is affected by an out-of-bounds write in USD file parsing (versions 8.3.0 and earlier) that could allow arbitrary code execution in the current user’s context. Exploitation requires user interaction (open a malicious file or visit a malicious page) and may be remote in ...
CVE-2024-20722
CVE-2024-20722 affects Substance3D Painter versions 9.1.1 and earlier. The issue is an out-of-bounds read in memory that could lead to disclosure of sensitive memory and potentially bypass mitigations such as ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected p...
CVE-2024-47428
CVE-2024-47428 affects Substance3D Painter
CVE-2024-47436
CVE-2024-47436 describes an out-of-bounds read in Substance3D Painter
CVE-2023-29275
CVE-2023-29275 affects Adobe Substance 3D Painter ≤ 8.3.0, where parsing USD files can trigger an out-of-bounds read and remote code execution in the context of the current user. Exploitation requires user interaction (opening a crafted file). The issue is tied to the USD file parsing path and me...
CVE-2023-29277
Adobe Substance 3D Painter (v8.3.0 and earlier) contains an out-of-bounds read vulnerability in USD file parsing that can disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected product: Substance 3D Painter. Root cause: out-of-bounds read...
CVE-2024-20725
CVE-2024-20725 affects Adobe Substance 3D Painter, versions up to 9.1.1. It describes an out-of-bounds read that can disclose memory and potentially bypass mitigations like ASLR. Exploitation requires user interaction: a victim must open a malicious file. The vulnerability is classified with a lo...
CVE-2024-20741
CVE-2024-20741 affects Substance3D Painter
CVE-2024-47429
Adobe Substance 3D Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability (CVE-2024-47429) that could lead to arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim opens a malicious file). This is corrob...
CVE-2024-47437
Substance3D Painter, versions 10.1.0 and earlier, are affected by an out-of-bounds read vulnerability (CVE-2024-47437) that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected product/version details are corroborated across multi...
CVE-2024-49520
CVE-2024-49520 concerns Adobe Substance 3D Painter. Affected: Painter versions 10.1.0 and earlier. Issue: out-of-bounds write (CWE-787) potentially leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...
CVE-2024-47430
Substance3D Painter
CVE-2024-49516
CVE-2024-49516 affects Adobe Substance 3D Painter, versions 10.1.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction) and is describ...
CVE-2024-49525
CVE-2024-49525 affects Substance3D Painter up to version 10.1.0, where a heap-based buffer overflow could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Public sources consistently describe the issue a...
CVE-2024-53958
CVE-2024-53958 affects Substance 3D Painter
CVE-2025-24450
CVE-2025-24450 affects Adobe Substance 3D Painter (versions 10.1.2 and earlier). The vulnerability is an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim must open a malicious file). M...
CVE-2024-47439
CVE-2024-47439 concerns Substance3D Painter prior to version 10.1.1, where a NULL pointer dereference in the application can crash Painter, yielding a denial‑of‑service condition. The issue requires user interaction (victim opens a crafted file) and affects the core Painter executable’s handling ...
CVE-2024-49519
Substance3D Painter up to version 10.1.0 is affected by an out-of-bounds write vulnerability (CWE-787) that could enable arbitrary code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). Public sources (NVD/CVE, CNVD, NTKB) corroborate the issue an...
CVE-2024-47435
Substance 3D Painter (Windows/macOS) versions ≤ 10.1.0 are affected by an out-of-bounds read (CWE-125) that can disclose sensitive memory and bypass mitigations like ASLR. Exploitation requires user interaction (victim opens a malicious file), with a local attack surface. The vulnerability impact...
CVE-2024-20787
CVE-2024-20787 affects Substance 3D Painter (versions ≤ 10.0.1). It is an out-of-bounds read vulnerability in Painter’s code that can disclose memory contents and bypass ASLR. Exploitation requires user interaction (opening a malicious file). Affected guidance indicates remediation via updates to...
CVE-2024-47431
Adobe Substance 3D Painter versions 10.1.0 and earlier are affected by a heap-based buffer overflow (CWE-122) that could enable arbitrary code execution in the current user context. Exploitation requires user interaction (opening a malicious file). A patch is available (APSB24-86) addressing thes...
CVE-2024-49515
Substance3D Painter
CVE-2024-49517
Substance3D Painter, version 10.1.0 and earlier, is affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Remediation: update to a version later than 10.1.0 (e.g., apply APSB2...
CVE-2023-29279
CVE-2023-29279 affects Adobe Substance 3D Painter up to version 8.3.0 and earlier, with an out-of-bounds read vulnerability that can disclose memory. The issue arises in parsing USD data and can be triggered when a user opens a malicious file, requiring user interaction. The documented impact inc...
CVE-2024-20744
Adobe Substance 3D Painter (Windows/macOS) is affected by an out-of-bounds write in Painter
CVE-2025-30322
Adobe Substance 3D Painter 11.0 and earlier is affected by an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Remediation: update to a version later than 11.0 (per APSB25-38/P...
CVE-2023-29274
Adobe Substance 3D Painter (version 8.3.0 and earlier) is affected by an out-of-bounds read vulnerability in the file parsing path that could allow code execution in the attacker’s context. The issue requires user interaction (victim must open a crafted file). Public documents attribute the flaw ...
CVE-2024-20740
The CVE-2024-20740 entry affects Substance3D - Painter versions 9.1.1 and earlier, due to an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Multiple connected sources cor...
CVE-2024-20724
Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read that could disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). Remediation: update to version 9.1.2 or later (as per APSB24-04) to mitigate. CVE-2024-20...
CVE-2023-29283
CVE-2023-29283 affects Adobe Substance 3D Painter (versions 8.3.0 and earlier). A heap-based Buffer Overflow occurs in USD file parsing, enabling arbitrary code execution in the user’s context. Exploitation requires user interaction (open malicious file or visit a crafted page). Affected product/...