Substance 3d Painter

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier allows attackers to expose sensitive data from application memory. Exploitation requires a user to open a malicious file, making this a local attack vector dependent on social engineering. No patch is currently available for this vulnerability.

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service vulnerability requires user interaction but requires no elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that enables local denial-of-service attacks when users open specially crafted files. An attacker can crash the application to disrupt workflow, though exploitation requires user interaction and no patch is currently available. The vulnerability has a moderate CVSS score of 5.5 with zero percent estimated exploitation probability.

Out-of-bounds memory read in Substance 3D Painter 11.1.2 and earlier enables attackers to leak sensitive data from application memory when a user opens a specially crafted file. This local vulnerability requires user interaction but poses a meaningful confidentiality risk to designers and artists using affected versions. No patch is currently available.

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by convincing users to open a malicious file. This denial-of-service impact disrupts application availability, though no patch is currently available. User interaction is required for exploitation, and the vulnerability affects local attack scenarios only.

Denial-of-service in Substance 3D Painter 11.1.2 and earlier stems from improper null pointer handling that crashes the application when processing malicious files. An attacker can trigger this crash by tricking a user into opening a specially crafted file, temporarily disrupting the victim's workflow. No patch is currently available to address this vulnerability.

Memory disclosure in Substance 3D Painter 11.1.2 and earlier allows attackers to read sensitive data from process memory through an out-of-bounds read vulnerability. Exploitation requires user interaction, as victims must open a specially crafted malicious file. No patch is currently available for this vulnerability.

Denial-of-service crashes in Adobe Substance 3D Painter versions 11.1.2 and earlier stem from a null pointer dereference vulnerability triggered when users open specially crafted files. An attacker can exploit this flaw to force application crashes and disrupt user workflows, though no patch is currently available. Exploitation requires social engineering to convince victims to open a malicious file.

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening a malicious file. This denial-of-service condition disrupts workflow for affected users, though no patch is currently available. The vulnerability requires user interaction and does not enable code execution or data compromise.

Arbitrary code execution in Adobe Substance 3D Painter versions 11.0.3 and earlier through an out-of-bounds write flaw allows attackers to execute commands with user privileges when a victim opens a crafted file. The vulnerability requires user interaction but carries high impact potential across confidentiality, integrity, and availability. No patch is currently available for affected users.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CVE-2025-47108 is an out-of-bounds write vulnerability in Adobe Substance3D Painter versions 11.0.1 and earlier that allows arbitrary code execution with user-level privileges. The vulnerability requires user interaction-specifically opening a malicious file-making it a file-based attack vector. While no CVSS:3.1 score of 7.8 indicates high severity with local attack surface, exploitation depends on social engineering to deliver the malicious file.

Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.