First published: Wed Apr 12 2023(Updated: )
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Substance 3D Stager | <=2.0.1 | |
macOS | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-26402 has been classified as a medium severity vulnerability due to its potential impact on code execution.
To address CVE-2023-26402, users should update Adobe Substance 3D Stager to the latest version that is indicated to be secure.
CVE-2023-26402 can be exploited by attackers using crafted files to perform out-of-bounds read operations that may lead to arbitrary code execution.
CVE-2023-26402 affects Adobe Substance 3D Stager version 2.0.1 and earlier.
CVE-2023-26402 specifically affects Adobe Substance 3D Stager and is not inherently tied to the operating system such as macOS or Windows.