Adobe Substance 3d Stager
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Substance 3d Stager.
By the Year
In 2026 there have been 12 vulnerabilities in Adobe Substance 3d Stager with an average score of 7.8 out of ten. Last year, in 2025 Substance 3d Stager had 25 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Substance 3d Stager in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.37.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 12 | 7.80 |
| 2025 | 25 | 7.43 |
| 2024 | 17 | 6.85 |
| 2023 | 29 | 7.09 |
It may take a day or so for new Substance 3d Stager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Substance 3d Stager Security Vulnerabilities
Adobe Substance3D Stager <=3.1.7 OOB Write Arbit Code Exec (user interaction)
CVE-2026-27274
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager UAF (3.1.7) Arbitrary Code Exec
CVE-2026-27277
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <=3.1.7 OOB Write -> Arbitrary Code Exec
CVE-2026-27273
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager 3.1.7: OOB Write Arbitrary Exec (Adobe)
CVE-2026-27275
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager OOB write 3.1.7 & earlier arbitrary code exec
CVE-2026-27279
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager UAF in 3.1.7 and earlier (Adobe)
CVE-2026-27276
7.8 - High
- March 10, 2026
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager 3.1.6 OOB Read in File Parser
CVE-2026-21344
7.8 - High
- February 10, 2026
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager 3.1.6 OOB Read CVE-2026-21343
CVE-2026-21343
7.8 - High
- February 10, 2026
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager 3.1.6 & older OOB Write Arbitrary Code Exec
CVE-2026-21341
7.8 - High
- February 10, 2026
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager 3.1.6 OOB Read Vulnerability
CVE-2026-21345
7.8 - High
- February 10, 2026
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Out-of-Bounds Write in Substance3D Stager <3.1.6: Arbitrary Code Exec
CVE-2026-21342
7.8 - High
- February 10, 2026
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Use After Free in Adobe Substance3D Stager <=3.1.5 -> RCE
CVE-2026-21287
7.8 - High
- January 13, 2026
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <=3.1.5: Integer Underflow Arbitrary Code Exec
CVE-2025-61835
7.8 - High
- November 11, 2025
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Substance3D Stager OOB Read (<=3.1.5) Enables User-Context Code Exec
CVE-2025-61833
7.8 - High
- November 11, 2025
Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager <=3.1.5 UAF leads to arbitrary code exec
CVE-2025-64531
7.8 - High
- November 11, 2025
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <3.1.6 UseAfterFree: Arbitrary Code Execution
CVE-2025-61834
7.8 - High
- November 11, 2025
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <=3.1.4 Integer Overflow RCE via Malicious File
CVE-2025-61803
7.8 - High
- October 14, 2025
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Substance3D Stager Use-After-Free v3.1.4- prior to v3.1.4: Arbitrary Code Execution
CVE-2025-61802
7.8 - High
- October 14, 2025
Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <3.1.4: Integer Overflow Arbitrary Code via Malicious File
CVE-2025-61807
7.8 - High
- October 14, 2025
Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Substance3D Stager 3.1.4 OOB Read Allowing Code Execution
CVE-2025-61805
7.8 - High
- October 14, 2025
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager <3.1.4: OOB Read in File Parsing
CVE-2025-61806
7.8 - High
- October 14, 2025
Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance 3D Stager 3.1.3-: OOB read leads to memory exposure
CVE-2025-54237
5.5 - Medium
- September 16, 2025
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
OOB Read in Substance3D Stager <=3.1.3 Enables Code Exec (User Interaction)
CVE-2025-54262
7.8 - High
- September 16, 2025
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
CVE-2025-54222: Substance3D Stager <3.1.3 OOB Write
CVE-2025-54222
7.8 - High
- August 12, 2025
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager OOB Read before 3.1.2; data exfil via crafted file
CVE-2025-27165
5.5 - Medium
- July 08, 2025
Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Substance3D Stager <=3.1.1 Use-After-Free: RCE
CVE-2025-43571
7.8 - High
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager 3.1.1 OOB Read & ASLR Bypass
CVE-2025-43551
5.5 - Medium
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager 3.1.1 & older – UAF for code exec
CVE-2025-43568
7.8 - High
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager OOB Write CVE-2025-43569 (<=3.1.1)
CVE-2025-43569
7.8 - High
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Use-After-Free in Substance3D Stager <3.1.1 Enables Arbitrary Code Exec
CVE-2025-43570
7.8 - High
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Use After Free in Substance3D Stager <=3.1.1 (CVE-2025-43549)
CVE-2025-43549
7.8 - High
- May 13, 2025
Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <3.1.0 NULL Pointr Deref DoS
CVE-2025-21155
5.5 - Medium
- February 11, 2025
Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Substance3D Stager <3.0.4 OOB write -> arbitrary code exec
CVE-2025-21131
7.8 - High
- January 14, 2025
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager OOB Write CVE-2025-21132 (v3.0.4)
CVE-2025-21132
7.8 - High
- January 14, 2025
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager <3.0.4: OOB Write Arbitrary Code Exec
CVE-2025-21130
7.8 - High
- January 14, 2025
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager <=3.0.4: Heap Buffer Overflow (arbitrary code exec)
CVE-2025-21129
7.8 - High
- January 14, 2025
Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager <=3.0.4: Stack Bufov Vulnerability (User Interaction)
CVE-2025-21128
7.8 - High
- January 14, 2025
Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager OOB Read in <3.0.2 (CVE-2024-52998)
CVE-2024-52998
5.5 - Medium
- November 22, 2024
Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager OOB CVE-2024-45141 (3.0.3)
CVE-2024-45141
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
CVE-2024-45140: OOB Write in Adobe Substance3D Stager <3.0.3
CVE-2024-45140
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager 3.0.3 Heap BF Overflow
CVE-2024-45139
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Write-what-where Vulnerability (3.0.3) Enables Code Exec
CVE-2024-45142
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Write-what-where Condition
UAF in Substance 3D Stager 3.0.3 Arbitrary Code Exec
CVE-2024-45138
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <=3.0.3 Heap Buffer Overflow
CVE-2024-45143
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager OOB Write CVE-2024-45144 - arbitrary code exec before 3.0.3
CVE-2024-45144
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Out-of-bounds write CVE-2024-45152 in Substance3D Stager 3.0.3 (code exec)
CVE-2024-45152
7.8 - High
- October 09, 2024
Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Substance3D Stager 3.0.2 UAF & Code Exec (User Interaction)
CVE-2024-39388
7.8 - High
- August 14, 2024
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Substance3D Stager <=2.1.4 OOBW CVE-2024-34115
CVE-2024-34115
7.8 - High
- June 13, 2024
Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Substance 3D Stager 2.1.3 OOB Read ASLR Bypass
CVE-2024-20715
5.5 - Medium
- January 10, 2024
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Substance3D Stager <=2.1.3 OOB Read ASLR Bypass Vulnerability
CVE-2024-20714
5.5 - Medium
- January 10, 2024
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Substance 3d Stager or by Adobe? Click the Watch button to subscribe.
