CVE-2024-41860

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 14, 2024
CWE ID 125

Summary

CVE-2024-41860 is a newly disclosed vulnerability affecting Substance3D's Sampler, versions 4.5 and prior. This out-of-bounds read weakness allows an attacker to access sensitive memory beyond designated boundaries. By doing so, they could potentially bypass security mechanisms like Address Space Layout Randomization (ASLR). Crucially, exploitation of this issue necessitates user interaction. A victim must open a specially crafted file in order for the attack to be executed.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share