CVE-2024-52998: Substance3D - Stager | Out-of-bounds Read (CWE-125)
First published: Fri Nov 22 2024(Updated: )
Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Adobe Substance 3D Stager | <3.0.3 | |
| Any of | ||
| macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-52998?
CVE-2024-52998 has a high severity rating due to its potential for sensitive memory disclosure.
How do I fix CVE-2024-52998?
To mitigate CVE-2024-52998, upgrade to Adobe Substance 3D Stager version 3.0.3 or later.
Who is affected by CVE-2024-52998?
CVE-2024-52998 affects users of Adobe Substance 3D Stager versions 3.0.2 and earlier.
What kind of vulnerability is CVE-2024-52998?
CVE-2024-52998 is an out-of-bounds read vulnerability.
Can CVE-2024-52998 be exploited remotely?
CVE-2024-52998 requires user interaction for exploitation.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe substance 3d stager
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system