CVE-2024-20742: Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
First published: Thu Feb 15 2024(Updated: )
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Substance 3D Painter | <=9.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-20742?
CVE-2024-20742 has a medium severity rating due to its potential for an out-of-bounds read that could lead to code execution.
How do I fix CVE-2024-20742?
To fix CVE-2024-20742, users should update to the latest version of Adobe Substance 3D Painter beyond version 9.1.1.
What versions of Substance 3D Painter are affected by CVE-2024-20742?
CVE-2024-20742 affects all versions of Adobe Substance 3D Painter up to and including version 9.1.1.
What type of vulnerability is CVE-2024-20742?
CVE-2024-20742 is classified as an out-of-bounds read vulnerability.
Can CVE-2024-20742 be exploited remotely?
Yes, CVE-2024-20742 can be exploited remotely if a user opens a specially crafted file.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/adobe
- canonical/adobe substance 3d painter
- version/adobe substance 3d painter/9.1.1