CVE-2024-20711: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability identified as CVE-2024-20711. This vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). The vulnerability requires user interaction, specifically opening a malicious file, to be exploited (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, and no impact on integrity or availability (NVD).

The successful exploitation of this vulnerability could result in the disclosure of sensitive memory information. This information disclosure could potentially be leveraged by attackers to bypass security mitigations such as ASLR, which is designed to prevent memory-based attacks (GBHackers).

Adobe has released version 2.1.4 of Substance 3D Stager to address this vulnerability. Users are recommended to update their installation to the newest version via the Creative Cloud desktop app's update mechanism (GBHackers).