Vulnerability-Lookup

WID-SEC-W-2024-3421

Vulnerability from csaf_certbund - Published: 2024-11-12 23:00 - Updated: 2024-11-12 23:00

Summary

Adobe Creative Cloud Applikationen: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Adobe Creative Cloud umfasst Anwendungen und Dienste für Video, Design, Fotografie und Web.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2024-47441

Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47442

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47443

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47444

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47445

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47446

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud After Effects <25.0 Adobe / Creative Cloud		After Effects <25.0
Adobe Creative Cloud After Effects <24.6.3 Adobe / Creative Cloud		After Effects <24.6.3

CVE-2024-47449

Es besteht eine Schwachstelle in Adobe Creative Cloud Audition aufgrund eines „Out of Bounds“-Read-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Audition <24.6.3 Adobe / Creative Cloud		Audition <24.6.3
Adobe Creative Cloud Audition <25.0 Adobe / Creative Cloud		Audition <25.0

CVE-2024-45147

Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Bridge. Diese Fehler sind auf eine Null- Pointer-Dereferenz und ein Out-of-Bounds-Read-Problem zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Bridge  <14.1.3 Adobe / Creative Cloud		Bridge  <14.1.3

CVE-2024-47458

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Bridge  <14.1.3 Adobe / Creative Cloud		Bridge  <14.1.3

CVE-2024-45114

Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorgänge, Null- Pointer-Dereferenz und ein Heap-basierter Pufferüberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47450

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47451

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47452

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47453

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47454

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47455

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47456

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-47457

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud Illustrator 2025 <29.0.0 Adobe / Creative Cloud		Illustrator 2025 <29.0.0
Adobe Creative Cloud Illustrator 2024 <28.7.2 Adobe / Creative Cloud		Illustrator 2024 <28.7.2

CVE-2024-49507

Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Pufferüberläufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-49508

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-49509

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-49510

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-49511

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-49512

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Adobe Creative Cloud InDesign <ID20.0 Adobe / Creative Cloud		InDesign <ID20.0
Adobe Creative Cloud InDesign <ID18.5.3 Adobe / Creative Cloud		InDesign <ID18.5.3
Adobe Creative Cloud InDesign <ID18.5.4 Adobe / Creative Cloud		InDesign <ID18.5.4

CVE-2024-47426

Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitslücken zurückzuführen, darunter Heap-basierte Pufferüberläufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47427

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47428

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47429

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47430

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47431

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47432

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47433

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47434

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47435

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47436

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47437

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47438

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47439

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-47440

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49515

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49516

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49517

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49518

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49519

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49520

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

CVE-2024-49525

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Adobe Creative Cloud Substance 3D Painter <10.1.1 Adobe / Creative Cloud		Substance 3D Painter <10.1.1

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://helpx.adobe.com/security/products/after_e…	external
https://helpx.adobe.com/security/products/auditio…	external
https://helpx.adobe.com/security/products/bridge/…	external
https://helpx.adobe.com/security/products/illustr…	external
https://helpx.adobe.com/security/products/indesig…	external
https://helpx.adobe.com/security/products/substan…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Adobe Creative Cloud umfasst Anwendungen und Dienste f\u00fcr Video, Design, Fotografie und Web.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Adobe Creative Cloud ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3421 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3421.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3421 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3421"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-85 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-83 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/audition/apsb24-83.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-77 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/bridge/apsb24-77.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-87 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-88 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/indesign/apsb24-88.html"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB24-86 vom 2024-11-12",
        "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe Creative Cloud Applikationen: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-13T11:17:45.429+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3421",
      "initial_release_date": "2024-11-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "After Effects \u003c24.6.3",
                "product": {
                  "name": "Adobe Creative Cloud After Effects \u003c24.6.3",
                  "product_id": "T038973"
                }
              },
              {
                "category": "product_version_range",
                "name": "After Effects 24.6.3",
                "product": {
                  "name": "Adobe Creative Cloud After Effects 24.6.3",
                  "product_id": "T038973-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "After Effects \u003c25.0",
                "product": {
                  "name": "Adobe Creative Cloud After Effects \u003c25.0",
                  "product_id": "T038974"
                }
              },
              {
                "category": "product_version_range",
                "name": "After Effects 25.0",
                "product": {
                  "name": "Adobe Creative Cloud After Effects 25.0",
                  "product_id": "T038974-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "Audition \u003c25.0",
                "product": {
                  "name": "Adobe Creative Cloud Audition \u003c25.0",
                  "product_id": "T038975"
                }
              },
              {
                "category": "product_version",
                "name": "Audition 25.0",
                "product": {
                  "name": "Adobe Creative Cloud Audition 25.0",
                  "product_id": "T038975-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:audition__25.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Audition \u003c24.6.3",
                "product": {
                  "name": "Adobe Creative Cloud Audition \u003c24.6.3",
                  "product_id": "T038976"
                }
              },
              {
                "category": "product_version",
                "name": "Audition 24.6.3",
                "product": {
                  "name": "Adobe Creative Cloud Audition 24.6.3",
                  "product_id": "T038976-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:audition__24.6.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Bridge\u202f \u003c14.1.3",
                "product": {
                  "name": "Adobe Creative Cloud Bridge\u202f \u003c14.1.3",
                  "product_id": "T038977"
                }
              },
              {
                "category": "product_version",
                "name": "Bridge\u202f 14.1.3",
                "product": {
                  "name": "Adobe Creative Cloud Bridge\u202f 14.1.3",
                  "product_id": "T038977-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:bridge__14.1.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Illustrator 2024 \u003c28.7.2",
                "product": {
                  "name": "Adobe Creative Cloud Illustrator 2024 \u003c28.7.2",
                  "product_id": "T038980"
                }
              },
              {
                "category": "product_version",
                "name": "Illustrator 2024 28.7.2",
                "product": {
                  "name": "Adobe Creative Cloud Illustrator 2024 28.7.2",
                  "product_id": "T038980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:illustrator_2024__28.7.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "InDesign \u003cID20.0",
                "product": {
                  "name": "Adobe Creative Cloud InDesign \u003cID20.0",
                  "product_id": "T038981"
                }
              },
              {
                "category": "product_version",
                "name": "InDesign ID20.0",
                "product": {
                  "name": "Adobe Creative Cloud InDesign ID20.0",
                  "product_id": "T038981-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:indesign__id20.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "InDesign \u003cID18.5.4",
                "product": {
                  "name": "Adobe Creative Cloud InDesign \u003cID18.5.4",
                  "product_id": "T038982"
                }
              },
              {
                "category": "product_version",
                "name": "InDesign ID18.5.4",
                "product": {
                  "name": "Adobe Creative Cloud InDesign ID18.5.4",
                  "product_id": "T038982-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:indesign__id18.5.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "InDesign \u003cID18.5.3",
                "product": {
                  "name": "Adobe Creative Cloud InDesign \u003cID18.5.3",
                  "product_id": "T038983"
                }
              },
              {
                "category": "product_version",
                "name": "InDesign ID18.5.3",
                "product": {
                  "name": "Adobe Creative Cloud InDesign ID18.5.3",
                  "product_id": "T038983-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:indesign__id18.5.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Substance 3D Painter \u003c10.1.1",
                "product": {
                  "name": "Adobe Creative Cloud Substance 3D Painter \u003c10.1.1",
                  "product_id": "T038984"
                }
              },
              {
                "category": "product_version",
                "name": "Substance 3D Painter 10.1.1",
                "product": {
                  "name": "Adobe Creative Cloud Substance 3D Painter 10.1.1",
                  "product_id": "T038984-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:substance_3d_painter__10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Illustrator 2025 \u003c29.0.0",
                "product": {
                  "name": "Adobe Creative Cloud Illustrator 2025 \u003c29.0.0",
                  "product_id": "T038985"
                }
              },
              {
                "category": "product_version",
                "name": "Illustrator 2025 29.0.0",
                "product": {
                  "name": "Adobe Creative Cloud Illustrator 2025 29.0.0",
                  "product_id": "T038985-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:creative_cloud:illustrator_2025__29.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Creative Cloud"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-47441",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47441"
    },
    {
      "cve": "CVE-2024-47442",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47442"
    },
    {
      "cve": "CVE-2024-47443",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47443"
    },
    {
      "cve": "CVE-2024-47444",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47444"
    },
    {
      "cve": "CVE-2024-47445",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47445"
    },
    {
      "cve": "CVE-2024-47446",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud After Effects. Diese Fehler sind auf Out-of-Bounds-Schreib- und Leseprobleme zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038974",
          "T038973"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47446"
    },
    {
      "cve": "CVE-2024-47449",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Adobe Creative Cloud Audition aufgrund eines \u201eOut of Bounds\u201c-Read-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038976",
          "T038975"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47449"
    },
    {
      "cve": "CVE-2024-45147",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Bridge. Diese Fehler sind auf eine Null- Pointer-Dereferenz und ein Out-of-Bounds-Read-Problem zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038977"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-45147"
    },
    {
      "cve": "CVE-2024-47458",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Bridge. Diese Fehler sind auf eine Null- Pointer-Dereferenz und ein Out-of-Bounds-Read-Problem zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038977"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47458"
    },
    {
      "cve": "CVE-2024-45114",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-45114"
    },
    {
      "cve": "CVE-2024-47450",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47450"
    },
    {
      "cve": "CVE-2024-47451",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47451"
    },
    {
      "cve": "CVE-2024-47452",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47452"
    },
    {
      "cve": "CVE-2024-47453",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47453"
    },
    {
      "cve": "CVE-2024-47454",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47454"
    },
    {
      "cve": "CVE-2024-47455",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47455"
    },
    {
      "cve": "CVE-2024-47456",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47456"
    },
    {
      "cve": "CVE-2024-47457",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Illustrator. Diese Schwachstellen bestehen aufgrund mehrerer Sicherheitsprobleme, darunter Out-of-bounds-Lese- und Schreibvorg\u00e4nge, Null- Pointer-Dereferenz und ein Heap-basierter Puffer\u00fcberlauf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038985",
          "T038980"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47457"
    },
    {
      "cve": "CVE-2024-49507",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49507"
    },
    {
      "cve": "CVE-2024-49508",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49508"
    },
    {
      "cve": "CVE-2024-49509",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49509"
    },
    {
      "cve": "CVE-2024-49510",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49510"
    },
    {
      "cve": "CVE-2024-49511",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49511"
    },
    {
      "cve": "CVE-2024-49512",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud InDesign. Diese Fehler bestehen aufgrund von Heap-basierten Puffer\u00fcberl\u00e4ufen und Out-of-bounds-Read-Problemen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038981",
          "T038983",
          "T038982"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49512"
    },
    {
      "cve": "CVE-2024-47426",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47426"
    },
    {
      "cve": "CVE-2024-47427",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47427"
    },
    {
      "cve": "CVE-2024-47428",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47428"
    },
    {
      "cve": "CVE-2024-47429",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47429"
    },
    {
      "cve": "CVE-2024-47430",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47430"
    },
    {
      "cve": "CVE-2024-47431",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47431"
    },
    {
      "cve": "CVE-2024-47432",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47432"
    },
    {
      "cve": "CVE-2024-47433",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47433"
    },
    {
      "cve": "CVE-2024-47434",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47434"
    },
    {
      "cve": "CVE-2024-47435",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47435"
    },
    {
      "cve": "CVE-2024-47436",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47436"
    },
    {
      "cve": "CVE-2024-47437",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47437"
    },
    {
      "cve": "CVE-2024-47438",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47438"
    },
    {
      "cve": "CVE-2024-47439",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47439"
    },
    {
      "cve": "CVE-2024-47440",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-47440"
    },
    {
      "cve": "CVE-2024-49515",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49515"
    },
    {
      "cve": "CVE-2024-49516",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49516"
    },
    {
      "cve": "CVE-2024-49517",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49517"
    },
    {
      "cve": "CVE-2024-49518",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49518"
    },
    {
      "cve": "CVE-2024-49519",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49519"
    },
    {
      "cve": "CVE-2024-49520",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49520"
    },
    {
      "cve": "CVE-2024-49525",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Creative Cloud Substance 3D Painter. Diese Fehler sind auf mehrere Sicherheitsl\u00fccken zur\u00fcckzuf\u00fchren, darunter Heap-basierte Puffer\u00fcberl\u00e4ufe, Out-of-Bounds-Reads und -Writes oder ein Double-Free-Problem. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038984"
        ]
      },
      "release_date": "2024-11-12T23:00:00.000+00:00",
      "title": "CVE-2024-49525"
    }
  ]
}

CVE-2024-45114 (GCVE-0-2024-45114)

Vulnerability from cvelistv5 – Published: 2024-11-12 18:54 – Updated: 2024-11-12 19:58

Title

Illustrator | Out-of-bounds Write (CWE-787)

Summary

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/illustr…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Illustrator	Affected: 0 , ≤ 28.7.1 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "illustrator",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "28.7.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:47:35.091112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:58:59.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Illustrator",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "28.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:54:11.368Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Illustrator | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45114",
    "datePublished": "2024-11-12T18:54:11.368Z",
    "dateReserved": "2024-08-21T23:00:59.342Z",
    "dateUpdated": "2024-11-12T19:58:59.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45147 (GCVE-0-2024-45147)

Vulnerability from cvelistv5 – Published: 2024-11-12 18:44 – Updated: 2024-11-12 19:53

Title

Bridge | Out-of-bounds Read (CWE-125)

Summary

Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read (CWE-125)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/bridge/…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Bridge	Affected: 0 , ≤ 14.1.2 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45147",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:47:48.488198Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:53:34.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Bridge",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "14.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read (CWE-125)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:44:17.716Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/bridge/apsb24-77.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Bridge | Out-of-bounds Read (CWE-125)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-45147",
    "datePublished": "2024-11-12T18:44:17.716Z",
    "dateReserved": "2024-08-21T23:00:59.351Z",
    "dateUpdated": "2024-11-12T19:53:34.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47426 (GCVE-0-2024-47426)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-11-16 04:55

Title

Substance3D - Painter | Double Free (CWE-415)

Summary

Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-415 - Double Free (CWE-415)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47426",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-16T04:55:40.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "Double Free (CWE-415)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:11.650Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Double Free (CWE-415)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47426",
    "datePublished": "2024-11-12T20:02:11.650Z",
    "dateReserved": "2024-09-24T17:40:22.370Z",
    "dateUpdated": "2024-11-16T04:55:40.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47427 (GCVE-0-2024-47427)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-11-16 04:55

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-16T04:55:41.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:31.610Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47427",
    "datePublished": "2024-11-12T20:02:31.610Z",
    "dateReserved": "2024-09-24T17:40:22.370Z",
    "dateUpdated": "2024-11-16T04:55:41.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47428 (GCVE-0-2024-47428)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-12-04 04:55

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:29.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:24.773Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47428",
    "datePublished": "2024-11-12T20:02:24.773Z",
    "dateReserved": "2024-09-24T17:40:22.370Z",
    "dateUpdated": "2024-12-04T04:55:29.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47429 (GCVE-0-2024-47429)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-12-04 04:55

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:30.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:26.354Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47429",
    "datePublished": "2024-11-12T20:02:26.354Z",
    "dateReserved": "2024-09-24T17:40:22.370Z",
    "dateUpdated": "2024-12-04T04:55:30.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47430 (GCVE-0-2024-47430)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-12-04 04:55

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:31.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:23.124Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47430",
    "datePublished": "2024-11-12T20:02:23.124Z",
    "dateReserved": "2024-09-24T17:40:22.371Z",
    "dateUpdated": "2024-12-04T04:55:31.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47431 (GCVE-0-2024-47431)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-12-04 04:55

Title

Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)

Summary

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow (CWE-122)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T04:55:35.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow (CWE-122)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:25.563Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47431",
    "datePublished": "2024-11-12T20:02:25.563Z",
    "dateReserved": "2024-09-24T17:40:22.371Z",
    "dateUpdated": "2024-12-04T04:55:35.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47432 (GCVE-0-2024-47432)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-11-12 20:25

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:15:23.350217Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:25:30.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:16.894Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47432",
    "datePublished": "2024-11-12T20:02:16.894Z",
    "dateReserved": "2024-09-24T17:40:22.371Z",
    "dateUpdated": "2024-11-12T20:25:30.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47433 (GCVE-0-2024-47433)

Vulnerability from cvelistv5 – Published: 2024-11-12 20:02 – Updated: 2024-11-12 20:25

Title

Substance3D - Painter | Out-of-bounds Write (CWE-787)

Summary

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write (CWE-787)

Assigner

adobe

References

1 reference

URL	Tags
https://helpx.adobe.com/security/products/substan…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Adobe	Substance3D - Painter	Affected: 0 , ≤ 10.1.0 (semver)

Date Public

2024-11-12 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "substance_3d_painter",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "10.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:15:50.352026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:25:31.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Painter",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "10.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write (CWE-787)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T20:02:14.889Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Painter | Out-of-bounds Write (CWE-787)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-47433",
    "datePublished": "2024-11-12T20:02:14.889Z",
    "dateReserved": "2024-09-24T17:40:22.371Z",
    "dateUpdated": "2024-11-12T20:25:31.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3421

CVE-2024-45114 (GCVE-0-2024-45114)

CVE-2024-45147 (GCVE-0-2024-45147)

CVE-2024-47426 (GCVE-0-2024-47426)

CVE-2024-47427 (GCVE-0-2024-47427)

CVE-2024-47428 (GCVE-0-2024-47428)

CVE-2024-47429 (GCVE-0-2024-47429)

CVE-2024-47430 (GCVE-0-2024-47430)

CVE-2024-47431 (GCVE-0-2024-47431)

CVE-2024-47432 (GCVE-0-2024-47432)

CVE-2024-47433 (GCVE-0-2024-47433)

Tags

Sightings

Nomenclature