CVE-2023-29286: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance 3D Painter versions 8.3.0 and earlier contain an Access of Uninitialized Pointer vulnerability identified as CVE-2023-29286. The vulnerability was disclosed on May 9, 2023, and affects the core functionality of the software. This security issue requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as CWE-824 (Access of Uninitialized Pointer) and has received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, with potential high impact on confidentiality but no impact on integrity or availability (NVD).

The vulnerability could lead to the disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). This could compromise the system's security protections and expose sensitive data (NVD).

Adobe has addressed this vulnerability in versions after 8.3.0 of Substance 3D Painter. Users are advised to update to the latest version of the software to mitigate this security risk (Adobe Advisory).