CVE-2024-20715: 
Adobe Substance 3D Stager vulnerability analysis and mitigation

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that was disclosed on January 10, 2024. The vulnerability affects both Windows and macOS operating systems running Adobe Substance 3D Stager software (NVD, CVE).

The vulnerability is classified as an out-of-bounds read (CWE-125) issue that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no impact on integrity or availability, but could result in high confidentiality impact (NVD).

The vulnerability could lead to disclosure of sensitive memory information. Additionally, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). However, successful exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Substance 3D Stager (Adobe Advisory).