CVE-2024-47438

Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-12 20:15

Updated : 2024-11-13 19:13

NVD link : CVE-2024-47438

Mitre link : CVE-2024-47438

CVE.ORG link : CVE-2024-47438

JSON object : View

Products Affected

adobe

substance_3d_painter

CWE

CWE-123

Write-what-where Condition

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-47438", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-12T20:15:10.720", "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-123"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 10.1.0 y anteriores de Substance3D - Painter se ven afectadas por una vulnerabilidad de condici\u00f3n de escritura que podr\u00eda provocar una p\u00e9rdida de memoria. Esta vulnerabilidad permite a un atacante escribir un valor controlado en una ubicaci\u00f3n de memoria controlada, lo que podr\u00eda provocar la divulgaci\u00f3n de contenido confidencial de la memoria. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."}], "lastModified": "2024-11-13T19:13:57.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2685544B-784F-49A0-9BE0-B209DC10D16E", "versionEndExcluding": "10.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}