Adobe Substance 3d Painter
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Substance 3d Painter.
By the Year
In 2026 there have been 10 vulnerabilities in Adobe Substance 3d Painter with an average score of 5.7 out of ten. Last year, in 2025 Substance 3d Painter had 13 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Substance 3d Painter in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.65
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 10 | 5.73 |
| 2025 | 13 | 6.38 |
| 2024 | 39 | 7.09 |
| 2023 | 14 | 7.31 |
It may take a day or so for new Substance 3d Painter vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Substance 3d Painter Security Vulnerabilities
Substance3D Painter 11.1.2 and Earlier: OOB Read Memory Exposure
CVE-2026-27219
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance3D Painter <11.1.2 NULL Ptr Deref DoS
CVE-2026-27218
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Substance 3D Painter 11.1.2 NULL Pointer Deref. (DoS)
CVE-2026-27214
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Substance Painter 11.1.2 NULL Ptr Deref Denial of Service
CVE-2026-21364
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Painter <=11.1.2 OOB Read in File Parser
CVE-2026-21365
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter 11.1.2: Null Pointer Deref DOS via Malicious File
CVE-2026-27217
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance Painter 11.1.2 OOB Read: memory exposure via malicious file
CVE-2026-27216
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter11.1.2: NULL PD DoS
CVE-2026-21363
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Painter 11.1.2-Previous NULL Pointer Deref DoS
CVE-2026-27215
5.5 - Medium
- March 10, 2026
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
OOB write in Substance3D Painter <11.0.3 allows arbitrary code exec
CVE-2026-21305
7.8 - High
- January 13, 2026
Substance3D - Painter versions 11.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter OOB Read CVE-2025-54195 - Before 11.0.2
CVE-2025-54195
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter OOB Read (<11.0.2) - info disclosure
CVE-2025-54193
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance Painter 11.0.2 and earlier: OOB Read Memory Disclosure
CVE-2025-54194
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Read in Substance3D Painter <11.0.2 (CVE-2025-54192)
CVE-2025-54192
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter <11.0.2 OOBR Memory Disclosure
CVE-2025-54191
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter 11.0.2 or earlier OOB Read memory disclosure
CVE-2025-54189
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Read in Substance3D Painter <11.0.2 Allows Memory Disclosure
CVE-2025-54188
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance Painter <11.0.2 OOB Read Memory Disclosure (CVE-2025-54190)
CVE-2025-54190
5.5 - Medium
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter <11.0.2: OOB write
CVE-2025-54187
7.8 - High
- August 12, 2025
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter <=11.0.1 UB Write leading to Code Exec
CVE-2025-47108
7.8 - High
- June 10, 2025
Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter OOB Write <12: Arbitrary Code Exec (User-Opens File)
CVE-2025-30322
7.8 - High
- May 13, 2025
Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter <=10.1.2 OOB Write – Arbitrary Code Exec
CVE-2025-24450
7.8 - High
- March 11, 2025
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter 10.1.2 OOB Write CVE-2025-24451
CVE-2025-24451
7.8 - High
- March 11, 2025
Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-53958
7.8 - High
- December 10, 2024
Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Heap-based Buffer Overflow Vulnerability
CVE-2024-53957
7.8 - High
- December 10, 2024
Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Double Free Arbitrary Code Execution Vulnerability
CVE-2024-47426
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Double-free
Substance3D Painter Heap-based Buffer Overflow Vulnerability
CVE-2024-47431
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47432
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Read Vulnerability
CVE-2024-47435
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter Out-of-Bounds Read Vulnerability
CVE-2024-47436
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter Out-of-Bounds Read Vulnerability
CVE-2024-47437
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter Write-what-where Condition Memory Leak Vulnerability
CVE-2024-47438
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter NULL Pointer Dereference Denial-of-Service Vulnerability
CVE-2024-47439
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Painter Untrusted Search Path Vulnerability
CVE-2024-49515
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Untrusted Path
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47427
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47428
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47430
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47429
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47433
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-47434
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Read Vulnerability
CVE-2024-47440
5.5 - Medium
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-49516
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Heap-based Buffer Overflow Vulnerability
CVE-2024-49517
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-49518
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-49519
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Out-of-Bounds Write Arbitrary Code Execution Vulnerability
CVE-2024-49520
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter Heap-based Buffer Overflow Vulnerability
CVE-2024-49525
7.8 - High
- November 12, 2024
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Painter 10.0.1 OOB Write RCE
CVE-2024-49522
7.8 - High
- November 05, 2024
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Out-of-bounds read in Substance3D Painter <10.0.1 leaks memory
CVE-2024-20787
5.5 - Medium
- October 09, 2024
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Painter <=9.1.2 OOB Memory Disclosure
CVE-2024-30309
5.5 - Medium
- May 16, 2024
Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Substance 3d Painter or by Adobe? Click the Watch button to subscribe.
