CVE-2023-29279: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance 3D Painter versions 8.3.0 and earlier contain an out-of-bounds read vulnerability identified as CVE-2023-29279. This security flaw was disclosed and addressed in May 2023. The vulnerability affects Adobe Substance 3D Painter software installations up to and including version 8.3.0 (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 Base Score is 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates a local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, and no impact on integrity or availability (NVD).

The vulnerability could lead to the disclosure of sensitive memory information. If successfully exploited, an attacker could potentially bypass security mitigations such as ASLR (Address Space Layout Randomization). However, exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has addressed this vulnerability in versions after 8.3.0. Users are advised to update their Adobe Substance 3D Painter installations to the latest version to mitigate this security risk (Adobe Advisory).