Substance 3d Modeler
CVE-2026-21299
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Substance 3D Modeler 1.22.4 and earlier via out-of-bounds write vulnerability when processing malicious files. An attacker can execute code with the privileges of the user who opens a crafted file, requiring social engineering for successful exploitation. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). Affects Substance 3D Modeler. Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
More in Substance 3d Modeler
View allSubstance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that
Arbitrary code execution in Substance 3D Modeler versions 1.22.4 and earlier results from an out-of-bounds write vulnera
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier allows disclosure of sensitive information from app
Out-of-bounds memory read in Substance 3D Modeler 1.22.4 and earlier enables disclosure of sensitive data from process m
Memory disclosure in Substance 3D Modeler 1.22.5 and earlier through an out-of-bounds read allows attackers to expose se
Substance 3D Modeler versions 1.22.4 and earlier contain a null pointer dereference vulnerability that causes applicatio
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today