CVE-2024-20742

7.8 HIGH

📋 TL;DR

CVE-2024-20742 is an out-of-bounds read vulnerability in Substance3D Painter that could allow arbitrary code execution when a user opens a malicious file. Attackers could exploit this to run code with the victim's privileges. Users of Substance3D Painter versions 9.1.1 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe Substance3D Painter
Versions: 9.1.1 and earlier
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to user files and system resources, with potential for persistence mechanisms.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of file format parsing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html

Restart Required: Yes

Instructions:

1. Open Substance3D Painter.
2. Go to Help > Check for Updates.
3. Follow prompts to install version 9.1.2 or later.
4. Restart the application.

🔧 Temporary Workarounds

Restrict file opening (all platforms)

Only open Substance3D Painter files from trusted sources and disable automatic file associations.

Application sandboxing (all platforms)

Run Substance3D Painter in restricted mode or a sandboxed environment.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use least privilege accounts for running Substance3D Painter and implement file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check Substance3D Painter version in Help > About. If version is 9.1.1 or earlier, system is vulnerable.

Check Version:

Open Substance3D Painter and navigate to Help > About

Verify Fix Applied:

Verify version is 9.1.2 or later in Help > About and test opening known safe files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file parsing errors
  • Unusual process creation from Substance3D Painter

Network Indicators:

  • Unusual outbound connections after file opening
  • File downloads from untrusted sources

SIEM Query:

Process creation where parent_process contains 'Substance3D Painter' AND process_name NOT IN (expected_process_list)
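The SIEM query above, expressed as triage logic over process-creation events. This is an added example, not vendor or page-supplied code. It assumes events expose `parent_process`, `process_name` and `command_line` fields; the parent marker, the allowlist entry and the sample events are constructed placeholders to be replaced with values from your own baseline.

```python
import ntpath
import re

# Assumption: Painter's parent image contains this once spaces and case are
# removed, so "Substance3D Painter" and "Substance 3D Painter" both match.
PARENT_MARKER = "substance3dpainter"
# Hypothetical allowlist (the page's expected_process_list); build the real
# one from child processes observed in a clean baseline.
EXPECTED_CHILDREN = {"crashpad_handler.exe"}


def _norm(value):
    """Lowercase and strip whitespace so path spelling differences do not hide a match."""
    return re.sub(r"\s+", "", value or "").lower()


def is_suspicious(event):
    """True when Painter is the parent and the child is outside the expected list."""
    if PARENT_MARKER not in _norm(event.get("parent_process")):
        return False
    child = ntpath.basename(event.get("process_name") or "").lower()
    # A missing child name is treated as unexpected rather than silently passed.
    return child not in EXPECTED_CHILDREN


def triage(events):
    """Return (host, child, command_line) for each event worth reviewing."""
    return [
        (e.get("host"), ntpath.basename(e.get("process_name") or ""), e.get("command_line", ""))
        for e in events
        if is_suspicious(e)
    ]


# Constructed process-creation events, not real telemetry.
PAINTER = r"C:\Program Files\Adobe\Adobe Substance 3D Painter\Adobe Substance 3D Painter.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_process": PAINTER,
     "process_name": r"C:\Program Files\Adobe\Adobe Substance 3D Painter\crashpad_handler.exe"},
    {"host": "ws-02", "parent_process": PAINTER,
     "process_name": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
    {"host": "ws-03", "parent_process": r"C:\Windows\explorer.exe",
     "process_name": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
    {"host": "ws-04", "parent_process": PAINTER.upper(), "process_name": None},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Matching on the child's base name keeps the allowlist short, but a renamed binary can satisfy it; pair the rule with path or signer checks where the telemetry provides them.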
