Substance 3d Designer
CVE-2026-21336
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Denial-of-service in Adobe Substance 3D Designer version 15.1.0 and earlier stems from a null pointer dereference vulnerability that crashes the application when a user opens a malicious file. The attack requires no special privileges and relies solely on user interaction to trigger the crash. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-476 (NULL Pointer Dereference). Affects Substance 3D Designer. Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch.
More in Substance 3d Designer
View allSubstance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could resul
Arbitrary code execution in Substance 3D Designer 15.0.3 and earlier results from an out-of-bounds write vulnerability t
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that trigg
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that r
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could resul
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a cr
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds writ
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today