Update soon: Adobe has fixed a number of vulnerabilities in Substance 3D Stager

As many as six security holes in a popular product will no longer threaten digital artists.

Adobe has released a security update that addresses 6 vulnerabilities in the Substance 3D Stager product. Successful exploitation can lead to memory leaks and arbitrary code execution.

Substance 3D Stager is an advanced tool for creating 3D scenes using real-time visualization and high-quality rendering.

At the time of the update's release, none of the vulnerabilities Adobe had fixed were publicly known. Apparently, they were not used in real attacks either.

The full list of patched vulnerabilities can be found below. They received the following IDs: CVE-2024-20710, CVE-2024-20711, CVE-2024-20712, CVE-2024-20713, CVE-2024-20714, CVE-2024-20715.

Out-of-bounds (out-of-buffer) vulnerabilities allow a remote attacker to gain access to potentially sensitive information. These vulnerabilities exist due to an error in checking boundary conditions. A remote attacker can create a specially crafted file, get the victim to open it, trigger a buffer overflow error, and read the system's memory.

The vulnerability CVE-2024-20713, in the category "Improper Input Validation" ("Incorrect verification of input data"), allows a remote attacker to gain access to the targeted machine. The vulnerability is caused by insufficient validation of user-supplied data. A remote attacker can trick the user into opening a specially crafted malicious file and then gain control of the system and run arbitrary code.

The vulnerabilities affect Substance 3D Stager versions 2.1.3 and earlier for Windows and macOS. To avoid any risk, we recommend upgrading to the fixed version, 2.1.4, if this has not already happened automatically.
 