Adobe Substance 3d Designer
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Substance 3d Designer.
By the Year
In 2026 there have been 9 vulnerabilities in Adobe Substance 3d Designer with an average score of 6.3 out of ten. Last year, in 2025 Substance 3d Designer had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Substance 3d Designer in 2026 could surpass last years number. Last year, the average CVE base score was greater by 1.15
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 6.27 |
| 2025 | 12 | 7.42 |
| 2024 | 3 | 7.03 |
| 2023 | 14 | 7.31 |
It may take a day or so for new Substance 3d Designer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Substance 3d Designer Security Vulnerabilities
Substance3D Designer OOB Read before 15.1.0 via malicious file
CVE-2026-21337
5.5 - Medium
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <15.1.0 OOB WriteArbitrary Exec
CVE-2026-21335
7.8 - High
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <15.1.0: OOB read memory disclosure
CVE-2026-21339
5.5 - Medium
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer OOB Write CVE-2026-21334 (v15.1.0 or earlier)
CVE-2026-21334
7.8 - High
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer 15.1.0 NPE causes DoS via malicious file
CVE-2026-21338
5.5 - Medium
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
OOB Read in Adobe Substance3D Designer <15.1 Exposes Data (CVE-2026-21340)
CVE-2026-21340
5.5 - Medium
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <=15.1.0 NULL Pointer Denial-of-Service
CVE-2026-21336
5.5 - Medium
- February 10, 2026
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Designer <=15.0.3 OOB Read Exposes Memory
CVE-2026-21308
5.5 - Medium
- January 13, 2026
Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Out-of-Bounds Write in Substance3D Designer <=15.0.3 Enables Arbitrary CEX
CVE-2026-21307
7.8 - High
- January 13, 2026
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer 14.1&Earlier: OOB Write -> Arbitrary Code Exec
CVE-2025-21164
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Out-of-Bounds Write in Substance3D Designer <=14.1 Allows Arbitrary Code Execution
CVE-2025-21165
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <=14.1 OOB Write in File Parser -> ARC
CVE-2025-21166
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.1 OOB Read – ASLR Bypass via Malicious File
CVE-2025-21167
5.5 - Medium
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <14.1: OOB read disclosure & ASLR bypass
CVE-2025-21168
5.5 - Medium
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Write in Substance3D Designer 14.1 leading to Code Execution
CVE-2025-27172
7.8 - High
- March 11, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.1: Heap BF -> Arbitrary Code Exec
CVE-2025-21169
7.8 - High
- March 11, 2025
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
OOB Write in Adobe Substance3D Designer <14.0.2 Code Exec
CVE-2025-21161
7.8 - High
- February 11, 2025
Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer 14.0 and earlier: OOB Write Arbitrary Code Exec
CVE-2025-21136
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <=14.0 Heap Buffer Overflow => Arbitrary Code Exec
CVE-2025-21137
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.0 Heap Buffer Overflow Arbitrary Code Execution
CVE-2025-21139
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.0 OOB Write for RCE
CVE-2025-21138
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer13.1.2 OOB Write CVE202441864
CVE-2024-41864
7.8 - High
- August 14, 2024
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
OOB Read in Substance3D Designer <13.1.1
CVE-2024-30281
5.5 - Medium
- May 16, 2024
Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <13.1.0 - OOB read in file parser, code exec possible
CVE-2024-20750
7.8 - High
- February 15, 2024
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer 13.x OOB Write Arbitrary Code Exec
CVE-2023-48639
7.8 - High
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance 3D Designer OOB Read (pre-13.1) Leads to ASLR Bypass
CVE-2023-48638
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer <=13.1 OOB read leaks sensitive memory
CVE-2023-48637
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer <13.2: OOB Read Leakage
CVE-2023-48636
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer: AUP Vulnerability (pre12.4.1)
CVE-2023-21618
7.8 - High
- June 15, 2023
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe Substance 3D Designer 12.4.0 and earlier OOB Read in File Parsing
CVE-2023-26398
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer 12.4.0 OOB Read to Code Exec
CVE-2023-26409
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Subst3D Desgn 12.4UAF Causing Exec via Malicious File
CVE-2023-26410
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Substance 3D Designer <12.4.0 OOB Read Allowing Code Execution
CVE-2023-26411
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer 12.4.0- Stack-based Buffer Overflow CVE-2023-26412
CVE-2023-26412
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Heap Overflow in Adobe Substance 3D Designer 12.4 & Earlier: Code Exec
CVE-2023-26413
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Substance 3D Designer 12.4.0 UAF Enables Code Execution
CVE-2023-26414
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
OOB Write Arbitrary Code Exec in Adobe Substance 3D Designer <12.4.0
CVE-2023-26415
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Substance 3D Designer 12.4.0 Buffer Overflow Arbitrary Code Execution
CVE-2023-26416
7.8 - High
- April 13, 2023
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Substance 3d Designer or by Adobe? Click the Watch button to subscribe.
