CVE-2024-20742: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance3D Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability (CVE-2024-20742) when parsing a crafted file. The vulnerability was discovered and disclosed in February 2024, affecting Adobe's 3D painting and texturing software (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The severity of the impact depends on the user's privileges - users with administrative rights would be more severely impacted than those with restricted privileges (CIS Advisory).

Adobe has released updates to address this vulnerability. Users are advised to update to the latest version of Substance3D Painter. Organizations should apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing (Adobe Advisory).