CVE-2023-29279
First published: Thu May 11 2023(Updated: )
Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Substance 3D Painter | <=8.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-29279?
CVE-2023-29279 has been classified with a medium severity level due to its potential impact on the disclosure of sensitive memory.
How do I fix CVE-2023-29279?
To fix CVE-2023-29279, users should update Adobe Substance 3D Painter to version 8.3.1 or later.
What kind of vulnerability is CVE-2023-29279?
CVE-2023-29279 is an out-of-bounds read vulnerability that may allow unauthorized memory access.
Does CVE-2023-29279 require user interaction to exploit?
Yes, exploitation of CVE-2023-29279 requires user interaction, making it a user-assisted attack.
What versions of Adobe Substance 3D Painter are affected by CVE-2023-29279?
CVE-2023-29279 affects Adobe Substance 3D Painter versions 8.3.0 and earlier.
- collector/nvd-index
- vendor/adobe
- canonical/adobe substance 3d painter
- version/adobe substance 3d painter/8.3.0