65 matches found
CVE-2022-38405
CVE-2022-38405 affects Adobe InCopy 17.3 and earlier and 16.4.2 and earlier. The issue is a Heap-based Buffer Overflow in SVG/file parsing that could enable arbitrary code execution in the user context. Exploitation requires user interaction—opening a malicious file. Mitigation per APSB22-53 is t...
CVE-2022-38404
CVE-2022-38404 affects Adobe InCopy 17.3 and earlier and 16.4.2 and earlier, via a heap-based buffer overflow in SVG file parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Affected product ...
CVE-2023-26368
Adobe InCopy is affected by CVE-2023-26368: an out-of-bounds read when parsing crafted files could allow code execution under the user’s context. Affected versions are InCopy 18.5 and earlier, and 17.4.2 and earlier. Exploitation requires user interaction (opening a malicious file). Mitigation/Re...
CVE-2022-30651
CVE-2022-30651 affects Adobe InCopy fonts parsing in versions 17.2 and earlier and 16.4.1 and earlier, due to an out-of-bounds read in font parsing that can lead to remote code execution under the current user. Exploitation requires user interaction (opening a malicious file). The issue is docume...
CVE-2022-34250
Adobe InCopy is affected by a heap-based buffer overflow in input handling (font parsing) that could allow arbitrary code execution in the context of the current user when a malicious file is opened. Affected versions: 17.2 and earlier, and 16.4.1 and earlier. Requires user interaction. Remediati...
CVE-2022-28836
CVE-2022-28836 affects Adobe InCopy versions 17.1 and earlier, and 16.4.1 and earlier. The issue is an out-of-bounds write in InCopy that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Remediat...
CVE-2022-34252
Adobe InCopy 16.4.1/17.2 and earlier are affected by a font parsing out-of-bounds read that can disclose memory and bypass ASLR. Exploitation requires user interaction (open a malicious file). Connected advisories (APSB-22-53, APSB-23-08) indicate security updates are available to address this is...
CVE-2022-38406
Adobe InCopy versions 17.3 and earlier, and 16.4.2 and earlier, are affected by an out-of-bounds read vulnerability (CVE-2022-38406) that could disclose memory and bypass mitigations such as ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected software: InCopy 17...
CVE-2022-30654
CVE-2022-30654 affects Adobe InCopy. The issue is a heap-based buffer overflow in font parsing that could allow arbitrary code execution in the context of the current user. Affected versions are InCopy 17.2 and earlier, and 16.4.1 and earlier. Exploitation requires user interaction (opening a mal...
CVE-2022-28835
Adobe InCopy is affected by CVE-2022-28835, a Use-After-Free vulnerability in InCopy 17.1 and earlier and 16.4.1 and earlier that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). The issue is docum...
CVE-2023-21599
Adobe InCopy (versions 18.0 and earlier, and 17.4 and earlier) is affected by an out-of-bounds read vulnerability that can disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected products are addressed in Adobe APSB23-08, with remediation ...
CVE-2023-21594
Adobe InCopy is affected by a heap-based buffer overflow in font parsing that could allow arbitrary code execution in the context of the current user when a user opens a crafted file. Affected versions include 18.0 and earlier, and 17.4 and earlier. The issue is triggered by processing a maliciou...
CVE-2023-21596
Adobe InCopy is affected by CVE-2023-21596 due to improper input validation, allowing arbitrary code execution under the current user. Affected versions are 18.0 and earlier, and 17.4 and earlier; exploitation requires user interaction (victim opens a malicious file). Root cause is input validati...
CVE-2022-30655
Adobe InCopy versions 17.2 and earlier, and 16.4.1 and earlier, are affected by a Use-After-Free vulnerability (CVE-2022-30655) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The issue is do...
CVE-2022-30652
Adobe InCopy is affected by an out-of-bounds write vulnerability in versions 17.2 and earlier, and 16.4.1 and earlier, which could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The issue is documen...
CVE-2022-30657
CVE-2022-30657 is an Adobe InCopy font parsing Use-After-Free vulnerability. Affected versions: InCopy 17.2 and earlier, and 16.4.1 and earlier. The issue can allow arbitrary code execution in the context of the current user, with exploitation requiring user interaction (opening a malicious file)...
CVE-2022-34249
CVE-2022-34249 affects Adobe InCopy: versions 17.2 and earlier, and 16.4.1 and earlier, with a heap-based buffer overflow in the InCopy Font parsing code. This could allow arbitrary code execution in the context of the current user, and exploitation requires the user to open a malicious file (use...
CVE-2022-38407
Adobe InCopy versions 17.3 and earlier, and 16.4.2 and earlier, are affected by CVE-2022-38407, an out-of-bounds read vulnerability that can disclose memory and bypass mitigations such as ASLR. Exploitation requires user interaction (opening a malicious file). Connected sources also reference rel...
CVE-2022-30653
The CVE-2022-30653 entry details an out-of-bounds write in Adobe InCopy, affecting versions 17.2 and earlier and 16.4.1 and earlier. The vulnerability can lead to arbitrary code execution in the context of the current user and requires user interaction (victim opens a malicious file). Connected s...
CVE-2023-21598
CVE-2023-21598 – Adobe InCopy Use-After-Free : Connected sources corroborate a memory disclosure vulnerability in InCopy versions 18.0 and earlier, and 17.4 and earlier. The underlying issue is a Use-After-Free flaw that can bypass mitigations such as ASLR, with exploitation requiring user intera...
CVE-2023-21597
Adobe InCopy is affected by an out-of-bounds write vulnerability (CVE-2023-21597) in versions 18.0 and earlier and 17.4 and earlier that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Connected a...
CVE-2022-28834
Adobe InCopy is affected by an out-of-bounds write vulnerability that can grant arbitrary code execution in the context of the current user. Affected versions are 17.1 and earlier, and 16.4.1 and earlier. Exploitation requires user interaction (a victim must open a malicious file); the issue is d...
CVE-2022-30650
Adobe InCopy versions 17.2 and earlier and 16.4.1 and earlier are affected by a Heap-based Buffer Overflow in font parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a malicious file). Remediation is available via upd...
CVE-2022-34251
Adobe InCopy is affected: versions 17.2 and earlier and 16.4.1 and earlier suffer an Out‑Of‑Bounds Write in font parsing that can lead to arbitrary code execution under the current user. Exploitation requires the user to open a malicious file. Updates have been released (e.g., APSB22-53, APSB23-0...
CVE-2022-30656
CVE-2022-30656 affects Adobe InCopy versions 17.2 and earlier and 16.4.1 and earlier, where a PDF parsing out-of-bounds write can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The issue is documented ac...
CVE-2022-38401
Adobe InCopy is affected by CVE-2022-38401: a heap-based buffer overflow in PCX file parsing could allow arbitrary code execution under the current user when a user opens a malicious file. Affected versions include InCopy 17.3 and earlier and 16.4.2 and earlier. Exploitation requires user interac...
CVE-2022-38402
CVE-2022-38402 corresponds to a heap-based buffer overflow in Adobe InCopy 17.3 and earlier, and 16.4.2 and earlier, triggered by opening a malicious SVG/file. The root cause is within InCopy SVG parsing, allowing arbitrary code execution in the context of the current user when a victim opens a c...
CVE-2023-22235
Adobe InCopy is affected by a Use-After-Free vulnerability (CVE-2023-22235) in versions 18.1 and earlier and 17.4 and earlier. The issue could allow arbitrary code execution in the context of the current user and requires user interaction (opening a malicious file). Affected per the CVE entry; re...
CVE-2023-21595
CVE-2023-21595 affects Adobe InCopy 18.0 and earlier, and 17.4 and earlier, due to an out-of-bounds write that can allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). APSB23-08 and related sources indicate ...
CVE-2025-21156
Adobe InCopy is affected by an Integer Underflow (Wrap or Wraparound) vulnerability (CVE-2025-21156) in versions 20.0, 19.5.1 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Public so...
CVE-2022-38403
CVE-2022-38403 affects Adobe InCopy 17.3 and earlier, and 16.4.2 and earlier. The vulnerability is a heap-based buffer overflow in InCopy (SVG parsing) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a maliciou...
CVE-2024-41858
Adobe InCopy is affected by CVE-2024-41858: an Integer Overflow/Wraparound when parsing SVG files in InCopy versions 18.5.2, 19.4 and earlier, potentially allowing arbitrary code execution with the user’s privileges. Exploitation requires the user to open a malicious file. The issue is documented...
CVE-2021-45054
Adobe InCopy 16.4 and earlier is affected by a use-after-free vulnerability in the JPEG2000 file processing that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). A remediation reference in APSB22-04 notes a patch to address these issue...
CVE-2021-45056
Adobe InCopy 16.4 and earlier is affected by CVE-2021-45056, a JPEG file parsing out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The issue is addressed by updating to InCo...
CVE-2021-21090
Adobe InCopy 16.0 and earlier is affected by a path traversal vulnerability in DOCX/ crafted file parsing that could lead to remote code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). A patch is available: update to InCopy...
CVE-2021-43015
Adobe InCopy 16.4 and earlier are affected by a memory corruption vulnerability (CVE-2021-43015) due to insecure handling of a malicious GIF file, potentially allowing arbitrary code execution under the current user. Exploitation requires user interaction (opening a crafted file). The issue is ad...
CVE-2021-45053
Adobe InCopy 16.4 and earlier is affected by an out-of-bounds write vulnerability in JPEG2000 parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Remediation: update to 16.4.1 (patche...
CVE-2025-30327
CVE-2025-30327 affects Adobe InCopy versions 20.2, 19.5.3 and earlier, due to an Integer Overflow or Wraparound (CWE-190) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The issue is addressed b...
CVE-2021-39819
Adobe InCopy 11.1 and earlier is affected by a memory corruption vulnerability caused by insecure handling of a malicious XML file, potentially leading to arbitrary code execution in the user’s context. Exploitation requires user interaction. Affected versions noted include InCopy 11.1 and earlie...
CVE-2021-43016
Adobe InCopy 16.4 and earlier is affected by CVE-2021-43016: a null pointer dereference when parsing a specially crafted file, enabling denial-of-service in the current user context after opening a malicious file. Exploitation requires user interaction (opening the file). Remediation is reference...
CVE-2025-47107
Adobe InCopy is affected by CVE-2025-47107 (Heap-based Buffer Overflow) in InCopy 20.2, 19.5.3 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Mitigation: apply APSB25-41 security update; patched versions ...
CVE-2021-45055
Adobe InCopy 16.4 and earlier are affected by an out-of-bounds read when parsing crafted files, potentially allowing code execution in the user’s context. Exploitation requires user interaction (victim must open a malicious file). The issue is addressed in Adobe InCopy 16.4.1 (APSB22-04). Other s...
CVE-2024-45136
Adobe InCopy is affected by CVE-2024-45136: InCopy versions 19.4, 18.5.3 and earlier are vulnerable to Unrestricted Upload of File with Dangerous Type, potentially enabling arbitrary code execution on the server. Exploitation requires user interaction. The issue stems from uploading a dangerous f...
CVE-2021-39818
Adobe InCopy 11.1 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires user interaction. The issue is listed as CVE-2021-39818. Conne...
CVE-2021-21010
CVE-2021-21010 affects Adobe InCopy on Windows (versions 15.1.1 and earlier). The issue is an uncontrolled search path vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The vulne...
CVE-2025-47097
CVE-2025-47097 affects Adobe InCopy 20.3, 19.5.3 and earlier. It describes an Integer Underflow (Wrap or Wraparound) that could allow arbitrary code execution in the context of the current user, requiring the victim to open a malicious file (UI: Required, Attack Vector: Local). The CVSS v3.1 scor...
CVE-2025-47098
Adobe InCopy is affected by CVE-2025-47098 (Access of Uninitialized Pointer) in versions 20.3, 19.5.3 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Connected documents corroborate affe...
CVE-2025-54215
CVE-2025-54215 affects Adobe InCopy versions 20.4, 19.5.4 and earlier. It is an out-of-bounds write vulnerability (CWE-787) that could lead to arbitrary code execution in the user’s context. Exploitation requires user interaction—opening a maliciously crafted file. Public references indicate a se...
CVE-2025-54216
Adobe InCopy (versions 20.4, 19.5.4 and earlier) is affected by an out-of-bounds write (CWE-787) vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a maliciously crafted file. Remediation involves ...
CVE-2025-54219
CVE-2025-54219 affects Adobe InCopy: heap-based buffer overflow in InCopy versions 20.4, 19.5.4 and earlier. Root cause: improper memory handling leading to a heap overflow. Impact: arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must op...