Substance3D Painter Users Beware of Malicious Files

CVSScvssV3_1: 7.8

Substance3D Painter, a 3D modeling and painting software, has a buffer overflow vulnerability that could allow hackers to execute code on users’ devices.

The vulnerability, tracked as CVE-2024-20723, exists in versions 9.1.1 and earlier of Substance3D Painter. It can be exploited by tricking a user into opening a specially crafted file. Hackers could potentially include such malicious files in downloads or shared resources to target Painter users.

If opened, the file would overflow a buffer and crash the application. But it could also inject and run malicious code directly on the user’s system with their permissions. This would give attackers full control of the infected device.

To stay protected, users should update Substance3D Painter to the latest version immediately. It’s also safer to be cautious of any files from unknown or untrusted sources. Downloads should only be opened if you’re certain of their source and purpose.

Following basic cybersecurity practices like keeping software updated, using antivirus software, and avoiding suspicious files can help Substance3D Painter users avoid falling victim to this vulnerability. Staying vigilant is important to protect your devices and data from potential hackers.