CVE-2024-53004

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 10, 2024
Updated: Dec 12, 2024
CWE ID 125

Summary

CVE-2024-53004 is a newly disclosed vulnerability that impacts Substance3D's Modeler versions 1.14.1 and below. This issue is classified as an out-of-bounds read vulnerability, which means that memory beyond the designated bounds of an application's buffer can be accessed. The consequences of this vulnerability are severe, as sensitive memory can be disclosed, potentially exposing sensitive data. An attacker could exploit this flaw to bypass Address Space Layout Randomization (ASLR) mitigations, making it easier to execute further attacks. Importantly, this issue requires user interaction, meaning that a victim must open a maliciously crafted file for exploitation to occur.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share