22 matches found
CVE-2023-22235
Adobe InCopy is affected by a Use-After-Free vulnerability (CVE-2023-22235) in versions 18.1 and earlier and 17.4 and earlier. The issue could allow arbitrary code execution in the context of the current user and requires user interaction (opening a malicious file). Affected per the CVE entry; re...
CVE-2025-21156
Adobe InCopy is affected by an Integer Underflow (Wrap or Wraparound) vulnerability (CVE-2025-21156) in versions 20.0, 19.5.1 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Public so...
CVE-2025-30327
CVE-2025-30327 affects Adobe InCopy versions 20.2, 19.5.3 and earlier, due to an Integer Overflow or Wraparound (CWE-190) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The issue is addressed b...
CVE-2025-47107
Adobe InCopy is affected by CVE-2025-47107 (Heap-based Buffer Overflow) in InCopy 20.2, 19.5.3 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Mitigation: apply APSB25-41 security update; patched versions ...
CVE-2024-45136
Adobe InCopy is affected by CVE-2024-45136: InCopy versions 19.4, 18.5.3 and earlier are vulnerable to Unrestricted Upload of File with Dangerous Type, potentially enabling arbitrary code execution on the server. Exploitation requires user interaction. The issue stems from uploading a dangerous f...
CVE-2025-47097
CVE-2025-47097 affects Adobe InCopy 20.3, 19.5.3 and earlier. It describes an Integer Underflow (Wrap or Wraparound) that could allow arbitrary code execution in the context of the current user, requiring the victim to open a malicious file (UI: Required, Attack Vector: Local). The CVSS v3.1 scor...
CVE-2026-34706
CVE-2026-34706 affects Adobe InCopy 21.3, 20.5.3 and earlier, with an out-of-bounds write that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). No exploit details or patches are provided in the supplied...
CVE-2025-47098
Adobe InCopy is affected by CVE-2025-47098 (Access of Uninitialized Pointer) in versions 20.3, 19.5.3 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Connected documents corroborate affe...
CVE-2026-21281
CVE-2026-21281 affects Adobe InCopy 21.0, 19.5.5 and earlier. The root cause is a Heap-based Buffer Overflow in InCopy components that could allow arbitrary code execution in the context of the current user, triggered when a user opens a malicious file (user interaction required). Connected sourc...
CVE-2026-34707
CVE-2026-34707 concerns Adobe InCopy versions 21.3, 20.5.3 and earlier. The issue is described as a Heap-based Buffer Overflow in InCopy, which could permit arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malic...
CVE-2025-54215
CVE-2025-54215 affects Adobe InCopy versions 20.4, 19.5.4 and earlier. It is an out-of-bounds write vulnerability (CWE-787) that could lead to arbitrary code execution in the user’s context. Exploitation requires user interaction—opening a maliciously crafted file. Public references indicate a se...
CVE-2025-54216
Adobe InCopy (versions 20.4, 19.5.4 and earlier) is affected by an out-of-bounds write (CWE-787) vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a maliciously crafted file. Remediation involves ...
CVE-2025-54219
CVE-2025-54219 affects Adobe InCopy: heap-based buffer overflow in InCopy versions 20.4, 19.5.4 and earlier. Root cause: improper memory handling leading to a heap overflow. Impact: arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must op...
CVE-2025-47099
CVE-2025-47099 affects Adobe InCopy versions 20.3, 19.5.3 and earlier, due to a heap-based buffer overflow that could allow arbitrary code execution in the current user context. Exploitation requires user interaction (open a malicious file). Adobe released APSB25-59 to address critical vulnerabil...
CVE-2025-54220
CVE-2025-54220 affects Adobe InCopy versions 20.4, 19.5.4 and earlier, with a heap-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Public sources confirm this is tied t...
CVE-2026-34631
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected product/version details are provided in bot...
CVE-2025-54218
Summary: CVE-2025-54218 affects Adobe InCopy (versions 20.4, 19.5.4 and earlier). It is an out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Affected components/...
CVE-2025-54223
Adobe InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability (CVE-2025-54223) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Public sources in the provided...
CVE-2026-34708
InCopy (Adobe) versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability (CWE-121) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The issue is reporte...
CVE-2025-54221
Summary: CVE-2025-54221 affects Adobe InCopy versions 20.4, 19.5.4 and earlier with an out-of-bounds write that can lead to arbitrary code execution in the context of the current user when a malicious file is opened. The issue requires user interaction. Concrete details from connected sources con...
CVE-2025-54217
CVE-2025-54217 affects Adobe InCopy (versions 20.4 and earlier, including 19.5.4 and earlier). The issue is a heap-based buffer overflow that can permit arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim must open a malicious file). R...
CVE-2026-27287
CVE-2026-27287 affects Adobe InCopy versions 20.5.2, 21.2 and earlier. It is an out-of-bounds read when parsing a crafted file, potentially allowing code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file); attack vector is ...