CVE-2024-49522: 
Adobe Substance 3D Painter vulnerability analysis and mitigation

Adobe Substance 3D Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability identified as CVE-2024-49522. The vulnerability was disclosed on November 5, 2024, and requires user interaction through opening a malicious file to be exploited (NVD, ASEC).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. According to the CVSS 3.1 scoring, it has received a base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially affecting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates significant potential impact on system security, affecting multiple security aspects including confidentiality, integrity, and availability (NVD).

Adobe has released version 10.1.0 of Substance 3D Painter to address this vulnerability. Users of affected versions (10.0.1 and earlier) are strongly advised to update to the latest version (ASEC).