29 matches found
CVE-2024-52994
CVE-2024-52994 affects Adobe Substance 3D Sampler, with versions 4.5.1 and earlier vulnerable to an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Connected ad...
CVE-2024-52995
Substance3D Sampler 4.5.1 and earlier are affected by a Heap-based Buffer Overflow (CVE-2024-52995) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Adobe’s APSB24-100 advisory and Nessus entry indicat...
CVE-2025-24442
Adobe Substance 3D Sampler is affected: versions 4.5.2 and earlier contain an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue is documented across CVE-2025-244...
CVE-2023-48630
CVE-2023-48630 affects Adobe Substance 3D Sampler ≤ 4.2.1. It is due to an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). A patch is available: update to 4.2.2 or later...
CVE-2024-41861
Adobe Substance 3D Sampler has an out-of-bounds read vulnerability (CVE-2024-41861) in version 4.5 and earlier. The flaw can disclose sensitive memory and could bypass ASLR; exploitation requires a user to open a malicious PSD/file. Affected product: Substance 3D Sampler (desktop). Impact: memory...
CVE-2024-41863
CVE-2024-41863 (Adobe Substance 3D Sampler) affects Substance3D Sampler 4.5 and earlier with an out-of-bounds read that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. Remediation is available: Adobe’s APSB24-65 advisory notes a critical/important upd...
CVE-2025-24440
CVE-2025-24440 affects Substance3D - Sampler versions
CVE-2025-24441
CVE-2025-24441 affects Substance3D Sampler 4.5.2 and earlier, with an out-of-bounds write vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Affected version information and impact are...
CVE-2025-24444
CVE-2025-24444 affects Substance3D Sampler up to and including version 4.5.2. The issue is an out-of-bounds write that could allow arbitrary code execution in the context of the current user, with exploitation requiring the victim to open a malicious file (user interaction). Several connected sou...
CVE-2024-41862
Adobe Substance 3D Sampler is affected: versions 4.5 and earlier contain an out-of-bounds read that can disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). In the connected material, remediation is referenced via APSB24-65, noting updates to ad...
CVE-2023-48628
Affected software: Adobe Substance 3D Sampler
CVE-2025-24445
CVE-2025-24445 affects Adobe Substance 3D Sampler. Versions 4.5.2 and earlier are vulnerable to an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The issue is referenced...
CVE-2023-48627
Adobe Substance 3D Sampler is affected by an out-of-bounds write vulnerability (CVE-2023-48627) in versions 4.2.1 and earlier, which could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). A patch is ...
CVE-2024-41860
Summary: CVE-2024-41860 affects Adobe Substance 3D Sampler (Substance3D - Sampler) versions 4.5 and earlier. The vulnerability is an out-of-bounds read in PSD/file parsing that could lead to disclosure of sensitive memory and potentially bypass mitigations such as ASLR. Exploitation requires user...
CVE-2025-24439
CVE-2025-24439 relates to Adobe Substance 3D Sampler. Affected: versions 4.5.2 and earlier. Issue: heap-based buffer overflow in Substance3D Sampler could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Pu...
CVE-2025-43588
CVE-2025-43588 affects Substance3D Sampler versions 5.0 and earlier, with an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the user context. Exploitation requires a user to open a malicious file. Connected sources confirm the issue and reference an Adobe APSB25-55 upd...
CVE-2023-48625
CVE-2023-48625 affects Adobe Substance 3D Sampler
CVE-2025-43581
CVE-2025-43581 affects Substance3D Sampler (5.0 and earlier) with an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Connected sources confirm the vulnerability in S...
CVE-2025-24443
Substance3D Sampler 4.5.2 and earlier are affected by a Heap-based Buffer Overflow (CWE-122) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Remediation guidance is provided by APSB25-16, wi...
CVE-2024-47459
CVE-2024-47459 affects Substance3D Sampler 4.5 and earlier; a null pointer dereference can cause application DoS when a user opens a malicious file. Exploitation requires user interaction. Adobe has issued a security update (APSB24-65) and PT-2024-7320 recommends upgrading to a version later than...
CVE-2024-52996
CVE-2024-52996 affects Adobe Substance 3D Sampler 4.5.1 and earlier. It is a Heap-based Buffer Overflow in the Substance3D Sampler component that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious fil...
CVE-2023-48626
CVE-2023-48626 affects Adobe Substance 3D Sampler versions 4.2.1 and earlier. The issue is an out-of-bounds write in the Sampler component that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Pub...
CVE-2023-48629
Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Affected product/version: Substance ...
CVE-2025-54205
Adobe Substance 3D Sampler is affected by an out-of-bounds read (CWE-125) in versions 5.0.3 and earlier. The root cause is an out-of-bounds memory read that could lead to disclosure of sensitive memory; exploitation requires a user to open a malicious file. The vulnerability is documented across ...
CVE-2026-48306
CVE-2026-48306 affects Substance3D Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. No remediation detai...
CVE-2026-48305
Substance3D Sampler (versions 6.0.0 and earlier) is affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. This is documented across CVE sources, inc...
CVE-2026-34709
CVE-2026-34709 concerns Substance3D Sampler, affected in 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) in the software’s components, with the potential to execute arbitrary code in the context of the current user. Exploitation requires the user to open a malicious file, i.e., u...
CVE-2026-34710
CVE-2026-34710 affects Substance3D – Sampler versions 6.0.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious file. The provi...
CVE-2026-21306
CVE-2026-21306 affects Adobe Substance 3D Sampler versions 5.1.0 and earlier. The issue is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Remediation is ava...