CVE-2024-47438

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47438
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*
History

13 Nov 2024, 19:13

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*
References () https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html - () https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html - Vendor Advisory
CWE CWE-787
First Time Adobe
Adobe substance 3d Painter

13 Nov 2024, 17:01

Type Values Removed Values Added
Summary
  • (es) Las versiones 10.1.0 y anteriores de Substance3D - Painter se ven afectadas por una vulnerabilidad de condición de escritura que podría provocar una pérdida de memoria. Esta vulnerabilidad permite a un atacante escribir un valor controlado en una ubicación de memoria controlada, lo que podría provocar la divulgación de contenido confidencial de la memoria. Para explotar este problema es necesaria la interacción del usuario, ya que la víctima debe abrir un archivo malicioso.

12 Nov 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-12 20:15

Updated : 2024-11-13 19:13

NVD link : CVE-2024-47438

Mitre link : CVE-2024-47438

CVE.ORG link : CVE-2024-47438

JSON object : View

Products Affected

adobe

  • substance_3d_painter
CWE
CWE-787

Out-of-bounds Write

CWE-123

Write-what-where Condition


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024