Adobe released security updates to address six vulnerabilities in the Substance 3D Stager product. These vulnerabilities could lead to a memory leak and arbitrary code execution.
Substance 3D Stager is an advanced tool used for creating 3D scenes with real-time visualization and high-quality rendering.
At the time of the release, none of the vulnerabilities that Adobe addressed were publicly known or exploited in real attacks.
The following is a list of the vulnerabilities that have been patched:
One category of vulnerability identified is “out-of-bounds” or “buffer overflow”, which allows a remote attacker to access potentially confidential information. These vulnerabilities occur due to errors in boundary condition checks. An attacker can exploit them by sending a specially crafted file that triggers an out-of-bounds error, enabling the attacker to read system memory.
Another identified vulnerability, CVE-2024-20713, falls under the category of “Improper Input Validation” or “Insufficient data verification.” This vulnerability allows a remote attacker to gain control over a compromised machine. The vulnerability is caused by inadequate verification of user-entered data. An attacker can exploit this by tricking a user into opening a malicious file, resulting in the execution of arbitrary code.
The vulnerabilities affect Substance 3D Stager versions 2.1.3 and earlier for Windows and macOS. Users are