CVE-2024-47438

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 12, 2024
Updated: Nov 13, 2024
CWE ID 787
CWE ID 123

Summary

CVE-2024-47438 is a Write-what-where Condition vulnerability affecting Substance3D Painter versions 10.1.0 and prior. This issue grants attackers the ability to write data to a designated memory location, potentially leading to a memory leak. The exploitation of this vulnerability necessitates user interaction, as the victim must open a maliciously-crafted file for the attack to be successful. Successful exploitation could result in the disclosure of sensitive information residing in the affected memory.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share