{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47438", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2024-09-24T17:40:22.372Z", "datePublished": "2024-11-12T20:02:14.066Z", "dateUpdated": "2024-11-12T20:25:31.310Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Substance3D - Painter", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "10.1.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-11-12T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-123", "description": "Write-what-where Condition (CWE-123)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-11-12T20:02:14.066Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Substance3D - Painter | Write-what-where Condition (CWE-123)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47438", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T20:16:04.087743Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"], "vendor": "adobe", "product": "substance_3d_painter", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.0"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:25:31.310Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47438", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T20:16:04.087743Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*"], "vendor": "adobe", "product": "substance_3d_painter", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "10.1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:16:44.234Z"}}], "cna": {"title": "Substance3D - Painter | Write-what-where Condition (CWE-123)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Substance3D - Painter", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "10.1.0"}], "defaultStatus": "affected"}], "datePublic": "2024-11-12T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-123", "description": "Write-what-where Condition (CWE-123)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-11-12T20:02:14.066Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47438", "state": "PUBLISHED", "dateUpdated": "2024-11-12T20:25:31.310Z", "dateReserved": "2024-09-24T17:40:22.372Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2024-11-12T20:02:14.066Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*", "matchCriteriaId": "2685544B-784F-49A0-9BE0-B209DC10D16E", "versionEndExcluding": "10.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 10.1.0 y anteriores de Substance3D - Painter se ven afectadas por una vulnerabilidad de condici\u00f3n de escritura que podr\u00eda provocar una p\u00e9rdida de memoria. Esta vulnerabilidad permite a un atacante escribir un valor controlado en una ubicaci\u00f3n de memoria controlada, lo que podr\u00eda provocar la divulgaci\u00f3n de contenido confidencial de la memoria. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2024-47438", "lastModified": "2024-11-13T19:13:57.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2024-11-12T20:15:10.720", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-123"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}