CVE-2026-21301
NULL Pointer Dereference in Substance3D Modeler Causes DoS
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | substance3d_modeler | to 1.22.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL Pointer Dereference in Substance3D - Modeler versions 1.22.4 and earlier. It occurs when the application attempts to access a null pointer, which can cause the application to crash or become unresponsive. Exploiting this vulnerability requires a user to open a malicious file, leading to a denial-of-service condition.
How can this vulnerability impact me? :
The impact of this vulnerability is an application denial-of-service, meaning the affected software could crash or stop functioning properly when a malicious file is opened. This could disrupt your workflow or services relying on Substance3D - Modeler.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening files from untrusted sources in Substance3D - Modeler versions 1.22.4 and earlier. Consider updating to a later version if available, or apply any patches provided by Adobe. Additionally, educate users about the risk of opening malicious files to prevent exploitation.