CVE-2024-41860: Adobe Substance 3D Sampler Memory Corruption Vulnerability I, when parsing PSD file
First published: Wed Aug 14 2024(Updated: )
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Substance 3D Sampler | <4.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41860?
CVE-2024-41860 is classified as a medium severity vulnerability due to its potential to disclose sensitive memory.
How do I fix CVE-2024-41860?
To fix CVE-2024-41860, upgrade Adobe Substance 3D Sampler to version 4.5.1 or later.
What impact does CVE-2024-41860 have?
CVE-2024-41860 can potentially allow an attacker to bypass security mitigations like ASLR.
Is user interaction required to exploit CVE-2024-41860?
Yes, exploitation of CVE-2024-41860 requires user interaction.
Which versions of Adobe Substance 3D Sampler are affected by CVE-2024-41860?
CVE-2024-41860 affects Adobe Substance 3D Sampler versions 4.5 and earlier.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/substance 3d sampler