CVE-2024-20744: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance3D - Painter versions 9.1.1 and earlier contain an out-of-bounds write vulnerability (CVE-2024-20744) that was disclosed on February 15, 2024. This security flaw affects the Substance3D Painter software and requires user interaction through opening a malicious file to be exploited (NVD).

The vulnerability is classified as an out-of-bounds write issue (CWE-787) with a CVSS v3.1 base score of 7.8 (HIGH), and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while local access and user interaction are required, the vulnerability can lead to high impacts on confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code, install programs, view or modify data, or create new accounts with user rights, depending on the privileges of the compromised user account (CIS Advisory).

Adobe has released updates to address this vulnerability. Users are advised to update their Substance3D Painter installations to versions newer than 9.1.1. Organizations should apply these updates after appropriate testing and follow the principle of least privilege for user accounts (Adobe Advisory).