Adobe Substance 3d Designer
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Substance 3d Designer.
By the Year
In 2025 there have been 12 vulnerabilities in Adobe Substance 3d Designer with an average score of 7.4 out of ten. Last year, in 2024 Substance 3d Designer had 3 security vulnerabilities published. That is, 9 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.38.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 12 | 7.42 |
| 2024 | 3 | 7.03 |
| 2023 | 5 | 6.42 |
It may take a day or so for new Substance 3d Designer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Substance 3d Designer Security Vulnerabilities
Substance3D Designer 14.1&Earlier: OOB Write -> Arbitrary Code Exec
CVE-2025-21164
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Out-of-Bounds Write in Substance3D Designer <=14.1 Allows Arbitrary Code Execution
CVE-2025-21165
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <=14.1 OOB Write in File Parser -> ARC
CVE-2025-21166
7.8 - High
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.1 OOB Read – ASLR Bypass via Malicious File
CVE-2025-21167
5.5 - Medium
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <14.1: OOB read disclosure & ASLR bypass
CVE-2025-21168
5.5 - Medium
- July 08, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <14.1: Heap BF -> Arbitrary Code Exec
CVE-2025-21169
7.8 - High
- March 11, 2025
Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
OOB Write in Substance3D Designer 14.1 leading to Code Execution
CVE-2025-27172
7.8 - High
- March 11, 2025
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
OOB Write in Adobe Substance3D Designer <14.0.2 Code Exec
CVE-2025-21161
7.8 - High
- February 11, 2025
Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <=14.0 Heap Buffer Overflow => Arbitrary Code Exec
CVE-2025-21137
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer 14.0 and earlier: OOB Write Arbitrary Code Exec
CVE-2025-21136
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.0 OOB Write for RCE
CVE-2025-21138
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer <14.0 Heap Buffer Overflow Arbitrary Code Execution
CVE-2025-21139
7.8 - High
- January 14, 2025
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Designer13.1.2 OOB Write CVE202441864
CVE-2024-41864
7.8 - High
- August 14, 2024
Substance3D - Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
OOB Read in Substance3D Designer <13.1.1
CVE-2024-30281
5.5 - Medium
- May 16, 2024
Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Designer <13.1.0 - OOB read in file parser, code exec possible
CVE-2024-20750
7.8 - High
- February 15, 2024
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability
CVE-2023-48636
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability
CVE-2023-48637
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability
CVE-2023-48638
5.5 - Medium
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability
CVE-2023-48639
7.8 - High
- December 13, 2023
Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability
CVE-2023-21618
7.8 - High
- June 15, 2023
Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Substance 3d Designer or by Adobe? Click the Watch button to subscribe.
