Substance3D Painter Users Beware of Malicious Files

CVECVE-2024-20743
CVSScvssV3_1: 7.8
SourceCVE-2024-20743

Substance3D Painter, a 3D painting and texturing software, has a vulnerability in versions 9.1.1 and earlier that could allow hackers to take control of your computer.

The flaw is an “out-of-bounds write” bug that happens when Painter opens specially crafted files. This can trick the software into storing code in memory in a way that lets hackers run their own commands.

Attackers could create malicious files disguising as regular 3D textures or materials. If an unsuspecting Painter user opens one of these files, the hackers’ code would execute automatically with the same privileges as the user. This gives them full access to install programs, view and change data, or do other damage.

The best way to protect yourself is to keep your Painter updated with the latest version from Substance3D, which has fixed this issue. You should also be cautious about opening files from untrusted sources and scan any downloads with antivirus software before opening them in Painter.

Being aware of the risks can help keep your creative work and personal information safe from cybercriminals trying to abuse software vulnerabilities. Always verify the source of any files before opening them in 3D applications.

References