Substance 3d Designer
CVE-2026-21338
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Substance 3D Designer 15.1.0 and earlier contains a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service attack requires user interaction but causes service disruption with no mitigation patch currently available.
Technical ContextAI
Classified as CWE-476 (NULL Pointer Dereference). Affects Substance 3D Designer. Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch.
More in Substance 3d Designer
View allSubstance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could resul
Arbitrary code execution in Substance 3D Designer 15.0.3 and earlier results from an out-of-bounds write vulnerability t
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier via an out-of-bounds write vulnerability that trigg
Arbitrary code execution in Substance 3D Designer 15.1.0 and earlier through an out-of-bounds write vulnerability that r
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could resul
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a cr
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds writ
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today