CVE-2024-20722: Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability III
First published: Thu Feb 15 2024(Updated: )
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Substance 3D Painter | <=9.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-20722?
CVE-2024-20722 is classified as a high severity vulnerability due to the potential disclosure of sensitive memory.
How do I fix CVE-2024-20722?
To mitigate CVE-2024-20722, upgrade to Adobe Substance 3D Painter version 9.1.2 or later.
What type of vulnerability is CVE-2024-20722?
CVE-2024-20722 is an out-of-bounds read vulnerability.
What can an attacker achieve by exploiting CVE-2024-20722?
An attacker can potentially disclose sensitive memory information by exploiting CVE-2024-20722.
Does CVE-2024-20722 require user interaction for exploitation?
Yes, exploitation of CVE-2024-20722 requires user interaction.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/adobe
- canonical/adobe substance 3d painter
- version/adobe substance 3d painter/9.1.1