CVE-2023-29280: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance 3D Painter versions 8.3.0 and earlier contain a vulnerability identified as CVE-2023-29280. The vulnerability was discovered and reported to Adobe on February 9, 2023, and was publicly disclosed on May 10, 2023. This security flaw affects the PLY file parsing functionality in Adobe Substance 3D Painter (ZDI Advisory, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the parsing of crafted files. The specific flaw exists within the parsing of PLY files and results from inadequate validation of user-supplied data. This can lead to a read past the end of an allocated memory structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access with user interaction required (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability could potentially lead to disclosure of sensitive information and, when combined with other vulnerabilities, could enable arbitrary code execution (ZDI Advisory).

Adobe has released an update to address this vulnerability. Users are advised to update their Adobe Substance 3D Painter installations to a version newer than 8.3.0 (Adobe Advisory).