All the vulnerabilites related to Adobe - Substance3D - Stager
cve-2023-26394
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20236: Adobe Substance 3D Stager USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20236: Adobe Substance 3D Stager USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26394",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45141
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 17:41
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Out-of-bounds Write (CWE-787)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:40:39.841489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:41:32.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:43.640Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45141",
"datePublished": "2024-10-09T13:28:43.640Z",
"dateReserved": "2024-08-21T23:00:59.350Z",
"dateUpdated": "2024-10-09T17:41:32.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26384
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20279: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20279: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26384",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20711
Vulnerability from cvelistv5
Published
2024-01-10 12:26
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability VII
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:26:00.479Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability VII"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20711",
"datePublished": "2024-01-10T12:26:00.479Z",
"dateReserved": "2023-12-04T16:52:22.967Z",
"dateUpdated": "2024-08-01T21:59:42.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45142
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 17:29
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Write-what-where Condition (CWE-123)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:25:51.409049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:29:06.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "Write-what-where Condition (CWE-123)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:45.183Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Write-what-where Condition (CWE-123)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45142",
"datePublished": "2024-10-09T13:28:45.183Z",
"dateReserved": "2024-08-21T23:00:59.350Z",
"dateUpdated": "2024-10-09T17:29:06.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26391
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20256: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20256: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26391",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26393
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20234: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20234: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26393",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26388
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20286: Adobe Substance 3D Stager USDZ File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26388",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26389
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20258: Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20258: Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26389",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25872
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25872",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45140
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 13:39
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Out-of-bounds Write (CWE-787)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:36:51.590206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:39:11.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:41.250Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45140",
"datePublished": "2024-10-09T13:28:41.250Z",
"dateReserved": "2024-08-21T23:00:59.350Z",
"dateUpdated": "2024-10-09T13:39:11.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20715
Vulnerability from cvelistv5
Published
2024-01-10 12:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability VIII
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:25:57.290Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability VIII"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20715",
"datePublished": "2024-01-10T12:25:57.290Z",
"dateReserved": "2023-12-04T16:52:22.968Z",
"dateUpdated": "2024-08-01T21:59:42.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45143
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 17:31
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:30:10.324223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:31:08.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:44.409Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45143",
"datePublished": "2024-10-09T13:28:44.409Z",
"dateReserved": "2024-08-21T23:00:59.351Z",
"dateUpdated": "2024-10-09T17:31:08.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45138
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 15:56
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Use After Free (CWE-416)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T15:55:02.934630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T15:56:01.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:45.937Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45138",
"datePublished": "2024-10-09T13:28:45.937Z",
"dateReserved": "2024-08-21T23:00:59.349Z",
"dateUpdated": "2024-10-09T15:56:01.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25870
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25870",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26392
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20235: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20235: Adobe Substance 3D Stager USD File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26392",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26386
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20266: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "Access of Uninitialized Pointer (CWE-824)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20266: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26386",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25865
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25865",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45152
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 17:49
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Out-of-bounds Write (CWE-787)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:47:55.723473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:49:28.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:42.865Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45152",
"datePublished": "2024-10-09T13:28:42.865Z",
"dateReserved": "2024-08-21T23:00:59.352Z",
"dateUpdated": "2024-10-09T17:49:28.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25876
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25876",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39388
Vulnerability from cvelistv5
Published
2024-08-14 15:03
Modified
2024-11-16 04:55
Severity ?
EPSS score ?
Summary
ZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.htm | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "3.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-16T04:55:43.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T15:03:54.436Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.htm"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39388",
"datePublished": "2024-08-14T15:03:54.436Z",
"dateReserved": "2024-06-24T20:32:06.588Z",
"dateUpdated": "2024-11-16T04:55:43.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20713
Vulnerability from cvelistv5
Published
2024-01-10 12:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability IV
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:25:58.851Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability IV"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20713",
"datePublished": "2024-01-10T12:25:58.851Z",
"dateReserved": "2023-12-04T16:52:22.968Z",
"dateUpdated": "2024-08-01T21:59:42.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-34115
Vulnerability from cvelistv5
Published
2024-06-13 11:25
Modified
2024-08-02 02:43
Severity ?
EPSS score ?
Summary
ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:55:32.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:43:00.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T11:25:39.069Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34115",
"datePublished": "2024-06-13T11:25:39.069Z",
"dateReserved": "2024-04-30T19:50:50.904Z",
"dateUpdated": "2024-08-02T02:43:00.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25867
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager PCX File Parsing Memory Corruption Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25867",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26383
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20287: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20287: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26383",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45139
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 13:42
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:41:48.734526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:42:58.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:42.096Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Heap-based Buffer Overflow (CWE-122)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45139",
"datePublished": "2024-10-09T13:28:42.096Z",
"dateReserved": "2024-08-21T23:00:59.350Z",
"dateUpdated": "2024-10-09T13:42:58.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25871
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25871",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25875
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25875",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25877
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25877",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26385
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20267: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20267: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26385",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25863
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager USDC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25863",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26387
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20265: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "Access of Uninitialized Pointer (CWE-824)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20265: Adobe Substance 3D Stager USDC File Parsing Uninitialized Variable Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26387",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26403
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20259: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20259: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26403",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47080
Vulnerability from cvelistv5
Published
2023-12-13 13:15
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability VI
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T13:15:59.384Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability VI"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-47080",
"datePublished": "2023-12-13T13:15:59.384Z",
"dateReserved": "2023-10-30T16:23:27.890Z",
"dateUpdated": "2024-08-02T21:01:22.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-47081
Vulnerability from cvelistv5
Published
2023-12-13 13:15
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability II
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T13:15:58.605Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability II"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-47081",
"datePublished": "2023-12-13T13:15:58.605Z",
"dateReserved": "2023-10-30T16:23:27.890Z",
"dateUpdated": "2024-08-02T21:01:22.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26390
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26390",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25866
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25866",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26402
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 11:46
Severity ?
EPSS score ?
Summary
ZDI-CAN-20237: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-26.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-20237: Adobe Substance 3D Stager USD File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-26402",
"datePublished": "2023-04-12T00:00:00",
"dateReserved": "2023-02-22T00:00:00",
"dateUpdated": "2024-08-02T11:46:24.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20714
Vulnerability from cvelistv5
Published
2024-01-10 12:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability V
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:25:58.076Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability V"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20714",
"datePublished": "2024-01-10T12:25:58.076Z",
"dateReserved": "2023-12-04T16:52:22.968Z",
"dateUpdated": "2024-08-01T21:59:42.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25878
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25878",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25868
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25868",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25864
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25864",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25873
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25873",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45144
Vulnerability from cvelistv5
Published
2024-10-09 13:28
Modified
2024-10-09 13:41
Severity ?
EPSS score ?
Summary
Substance3D - Stager | Out-of-bounds Write (CWE-787)
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substance_3d_stager",
"vendor": "adobe",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:40:06.693484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:41:02.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T13:28:40.433Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Stager | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-45144",
"datePublished": "2024-10-09T13:28:40.433Z",
"dateReserved": "2024-08-21T23:00:59.351Z",
"dateUpdated": "2024-10-09T13:41:02.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20712
Vulnerability from cvelistv5
Published
2024-01-10 12:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability III
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:25:59.624Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability III"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20712",
"datePublished": "2024-01-10T12:25:59.624Z",
"dateReserved": "2023-12-04T16:52:22.967Z",
"dateUpdated": "2024-08-01T21:59:42.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25869
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25869",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20710
Vulnerability from cvelistv5
Published
2024-01-10 12:25
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager v2.1.1 Vulnerability I
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.1.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-09T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T12:25:56.512Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager v2.1.1 Vulnerability I"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-20710",
"datePublished": "2024-01-10T12:25:56.512Z",
"dateReserved": "2023-12-04T16:52:22.967Z",
"dateUpdated": "2024-08-01T21:59:42.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25874
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Adobe | Substance3D - Stager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Substance3D - Stager",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Substance 3D Stager SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-25874",
"datePublished": "2023-03-27T00:00:00",
"dateReserved": "2023-02-15T00:00:00",
"dateUpdated": "2024-08-02T11:32:12.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}