CVE-2024-20722

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 15, 2024
Updated: Feb 16, 2024
CWE ID 125

Summary

CVE-2024-20722 is a newly disclosed vulnerability affecting Substance3D's Painter software versions 9.1.1 and prior. This issue involves an out-of-bounds read vulnerability, which, when exploited, could result in the disclosure of sensitive memory. Such memory leakage may allow attackers to bypass several security mitigations, including Address Space Layout Randomization (ASLR). User interaction is necessary to exploit this vulnerability, as a victim must open a specially crafted malicious file to trigger the issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share