CVE-2024-20787

Summary

CVE-2024-20787 is an out-of-bounds read vulnerability affecting Substance3D Painter versions 10.0.1 and earlier, which can lead to the disclosure of sensitive memory. The vulnerability requires user interaction, as exploitation necessitates that a victim open a malicious file, allowing attackers to potentially bypass mitigations like Address Space Layout Randomization (ASLR). Affected products include Substance3D Painter, which carries a confidentiality impact rated as high, with an overall base severity classified as medium. To remediate this issue, users should update to the latest version of Substance3D Painter as suggested in Adobe's security advisory. Organizations should be aware that this vulnerability poses a risk of sensitive data exposure if exploited successfully.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.