CVE-2024-30309: Adobe Substance 3D Painter TGA File Parsing Acces Violation Read Vulnerability
First published: Thu May 16 2024(Updated: )
Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Substance 3D Painter | <10.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-30309?
The severity of CVE-2024-30309 is considered critical due to its potential impact on sensitive memory disclosure.
How do I fix CVE-2024-30309?
To fix CVE-2024-30309, update Adobe Substance 3D Painter to version 10.0.0 or newer.
What are the potential impacts of CVE-2024-30309?
Exploitation of CVE-2024-30309 could lead to unauthorized disclosure of sensitive information from memory.
Who is affected by CVE-2024-30309?
CVE-2024-30309 affects all versions of Adobe Substance 3D Painter up to and including 9.1.2.
Can CVE-2024-30309 be exploited remotely?
CVE-2024-30309 requires user interaction for exploitation, making it less likely to be used as a remote attack vector.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe substance 3d painter