CVE-2024-41861: Adobe Substance 3D Sampler Memory Corruption Out-of-Bounds-READ Vulnerability I, when parsing PSD file
First published: Wed Aug 14 2024(Updated: )
Substance3D - Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Substance 3D Sampler | <4.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41861?
CVE-2024-41861 has a medium severity rating due to its potential for sensitive memory disclosure.
How do I fix CVE-2024-41861?
To address CVE-2024-41861, update Adobe Substance 3D Sampler to version 4.5.1 or later.
What kind of vulnerability is CVE-2024-41861?
CVE-2024-41861 is an out-of-bounds read vulnerability that leads to possible sensitive memory disclosure.
Is user interaction required to exploit CVE-2024-41861?
Yes, exploitation of CVE-2024-41861 requires user interaction.
What software versions are affected by CVE-2024-41861?
CVE-2024-41861 affects Adobe Substance 3D Sampler versions up to but not including 4.5.1.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/source
- vendor/adobe
- canonical/adobe substance 3d sampler