AdobeIndesign

202 matches found

CVE
added 2023/09/11 1:2 p.m. | 2577 views

CVE-2022-28831

Adobe InDesign is affected by CVE-2022-28831 (Font Parsing Out-Of-Bounds Write) leading to remote code execution in the context of the current user. Affected versions include 17.1 and earlier, and 16.4.1 and earlier. The vulnerability arises from an out-of-bounds write during font parsing and req...

CVSS 7.8 | AI score 7.8 | EPSS 0.00402

CVE
added 2024/04/10 12:48 p.m. | 146 views

CVE-2024-20766

Summary: CVE-2024-20766 affects Adobe InDesign Desktop (versions 18.5.1, 19.2 and earlier) with an out-of-bounds read that can disclose memory and bypass certain mitigations (ASLR). Exploitation requires user interaction (victim opens a malicious file). References consistently describe this as an...

CVSS 5.5 | AI score 5.8 | EPSS 0.00337

CVE
added 2022/07/15 3:48 p.m. | 127 views

CVE-2022-34245

CVE-2022-34245 affects Adobe InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier. The issue is a heap-based buffer overflow in font parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). A...

CVSS 7.8 | AI score 7.7 | EPSS 0.00463

CVE
added 2022/07/15 3:48 p.m. | 108 views

CVE-2022-34248

CVE-2022-34248 affects Adobe InDesign 17.2.1 and earlier and 16.4.1 and earlier. It is an out-of-bounds read vulnerability triggered while parsing a crafted file, potentially allowing code execution in the user’s context; exploitation requires user interaction (opening a malicious file). The init...

CVSS 5.5 | AI score 5.6 | EPSS 0.00354

CVE
added 2020/10/21 9:28 p.m. | 104 views

CVE-2020-24421

CVE-2020-24421 affects Adobe InDesign 15.1.2 and earlier. A NULL pointer dereference when processing a malformed .indd file leads to client denial-of-service; exploitation requires user interaction. Public references in the connected docs point to Adobe APSB20-66. Remediation details are present ...

CVSS 5.5 | AI score 5.2 | EPSS 0.01799

CVE
added 2022/06/15 4:56 p.m. | 104 views

CVE-2021-40727

Adobe InDesign (Windows/macOS) versions prior to 16.4.0 are affected by CVE-2021-40727 (Access of Memory Location After End of Buffer) as part of APSB21-73. The issue, triggered during parsing of TIFF input, is described across multiple third‑party advisories as a boundary/overflow condition that...

CVSS 9.3 | AI score 7.6 | EPSS 0.0134

CVE
added 2022/06/16 4:59 p.m. | 103 views

CVE-2022-30660

CVE-2022-30660 affects Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier). It is an out-of-bounds write vulnerability that could permit arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Connected...

CVSS 9.3 | AI score 7.8 | EPSS 0.0192

CVE
added 2022/06/16 5:0 p.m. | 102 views

CVE-2022-30662

Adobe InDesign on Windows/macOS is affected by CVE-2022-30662 (and related CVEs) due to an out-of-bounds write in the font parsing or related components, allowing arbitrary code execution in the context of the current user when a victim opens a malicious file. The issue requires user interaction ...

CVSS 9.3 | AI score 7.8 | EPSS 0.0192

CVE
added 2022/06/15 4:57 p.m. | 100 views

CVE-2021-42732

CVE-2021-42732 is linked to Adobe InDesign and is described as Access of Memory Location After End of Buffer (CWE-788). Connected documents indicate this issue is part of the APSB21-107 advisory affecting InDesign versions prior to 17.0.0 (notably 16.x and earlier). The CVSSv3.1 data from the NVD...

CVSS 7.8 | AI score 7.6 | EPSS 0.01901

CVE
added 2023/09/11 1:2 p.m. | 97 views

CVE-2022-28833

Adobe InDesign is affected by CVE-2022-28833 (out-of-bounds write) in versions 17.1 and earlier and 16.4.1 and earlier. The vulnerability could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Affected platforms i...

CVSS 7.8 | AI score 7.8 | EPSS 0.00402

CVE
added 2022/06/16 5:0 p.m. | 96 views

CVE-2022-30661

Adobe InDesign (Windows/macOS) versions 17.2.1 and earlier, and 16.4.1 and earlier, are affected by a heap-based buffer overflow that could enable arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Context: CVE-2022-30661 (and rel...

CVSS 9.3 | AI score 7.7 | EPSS 0.05901

CVE
added 2022/06/16 5:1 p.m. | 96 views

CVE-2022-30665

CVE-2022-30665 affects Adobe InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier, due to an out‑of‑bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Multiple connected sou...

CVSS 9.3 | AI score 7.8 | EPSS 0.0192

CVE
added 2023/09/11 1:2 p.m. | 95 views

CVE-2022-28832

Adobe InDesign (versions 17.1 and earlier, and 16.4.1 and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, potentially allowing code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). The issue is documented ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00445

CVE
added 2022/06/16 5:0 p.m. | 94 views

CVE-2022-30663

CVE-2022-30663 in Adobe InDesign is caused by an out-of-bounds write in SVG file parsing that could allow arbitrary code execution in the context of the current user. Affected versions: InDesign 17.2.1 and earlier, and 16.4.1 and earlier. Exploitation requires user interaction (the victim must ope...

CVSS 9.3 | AI score 7.8 | EPSS 0.0192

CVE
added 2023/01/13 12:0 a.m. | 94 views

CVE-2023-21587

Adobe InDesign is affected by a heap-based buffer overflow (CVE-2023-21587) that could allow arbitrary code execution in the context of the current user. Affected versions include InDesign 18.0 and earlier, and 17.4 and earlier; exploitation requires user interaction (opening a malicious file). T...

CVSS 7.8 | AI score 7.7 | EPSS 0.00412

CVE
added 2022/06/15 4:53 p.m. | 93 views

CVE-2021-39820

CVE-2021-39820 affects Adobe InDesign versions 16.3 (and earlier) and 16.3.1 (and earlier). The vulnerability is an out‑of‑bounds write caused by insecure handling of a malicious TIFF file, which could allow arbitrary code execution in the context of the current user. Exploitation requires user i...

CVSS 7.8 | AI score 7.8 | EPSS 0.03525

CVE
added 2023/01/13 12:0 a.m. | 93 views

CVE-2023-21590

Adobe InDesign is affected by an out-of-bounds write vulnerability (CVE-2023-21590) in versions 18.0 and earlier, and 17.4 and earlier. The issue could allow arbitrary code execution and requires user interaction (opening a malicious file). Affected components: InDesign font parsing/out-of-bounds...

CVSS 7.8 | AI score 7.8 | EPSS 0.00302

CVE
added 2022/07/15 3:48 p.m. | 91 views

CVE-2022-34247

CVE-2022-34247 affects Adobe InDesign, specifically versions 17.2.1 and earlier and 16.4.1 and earlier. The issue is a font parsing out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00329

CVE
added 2025/03/11 5:43 p.m. | 87 views

CVE-2025-27177

Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by a heap-based buffer overflow (CVE-2025-27177) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected versions and roo...

CVSS 7.8 | AI score 7.8 | EPSS 0.00315

CVE
added 2021/11/16 9:10 p.m. | 86 views

CVE-2021-42731

Adobe InDesign 16.4 and earlier are affected by a Buffer Overflow when parsing a specially crafted file, allowing arbitrary code execution in the user’s context. Exploitation requires user interaction (victim must open a malicious file). Several connected sources corroborate CVE-2021-42731 and re...

CVSS 9.3 | AI score 7.7 | EPSS 0.05468

CVE
added 2024/07/23 11:34 a.m. | 86 views

CVE-2024-41836

Summary of CVE-2024-41836 (InDesign Desktop): A NULL pointer dereference in InDesign Desktop for versions ID18.5.2, ID19.3 and earlier can crash the application, leading to a DoS. Exploitation requires user interaction (victim opens a malicious file). The issue is documented across multiple sour...

CVSS 5.5 | AI score 5.5 | EPSS 0.00206

CVE
added 2025/03/11 5:43 p.m. | 86 views

CVE-2025-27178

Adobe InDesign Desktop (IDs ID20.1, ID19.5.2 and earlier) is affected by an out-of-bounds write vulnerability (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file, i.e., user interaction is required. Affect...

CVSS 7.8 | AI score 7.8 | EPSS 0.00257

CVE
added 2022/06/16 4:58 p.m. | 85 views

CVE-2022-30658

Adobe InDesign is affected by CVE-2022-30658 (Heap-based Buffer Overflow) across versions 17.2.1 and earlier and 16.4.1 and earlier, enabling arbitrary code execution in the context of the current user if a malicious file is opened. Exploitation requires user interaction. Updated patches are avai...

CVSS 9.3 | AI score 7.7 | EPSS 0.05901

CVE
added 2022/06/16 4:59 p.m. | 85 views

CVE-2022-30659

Adobe InDesign (versions 17.2.1 and earlier; 16.4.1 and earlier) contains an out-of-bounds write vulnerability that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (open a malicious file). Remediation: update to 16.4.2 or 17.3.0 (APSB22-3...

CVSS 9.3 | AI score 7.8 | EPSS 0.0192

CVE
added 2023/01/13 12:0 a.m. | 84 views

CVE-2023-21591

Adobe InDesign is affected by a Font Parsing Out-Of-Bounds Read vulnerability (CVE-2023-21591) in which an out-of-bounds read could disclose memory and bypass ASLR. Affected versions: 18.0 and earlier, 17.4 and earlier. Exploitation requires user interaction (opening a crafted file). Remediation:...

CVSS 5.5 | AI score 4.9 | EPSS 0.00313

CVE
added 2019/05/23 3:40 p.m. | 82 views

CVE-2019-7107

CVE-2019-7107 affects Adobe InDesign ≤14.0.1, due to an unsafe hyperlink processing vulnerability that could lead to arbitrary code execution. The issue is mitigated by applying updates to InDesign 13.1.1 or 14.0.2. Connected sources corroborate the vulnerability, its impact (arbitrary code execu...

CVSS 10 | AI score 9.5 | EPSS 0.27809

CVE
added 2021/07/27 12:9 p.m. | 82 views

CVE-2021-36004

Adobe InDesign 16.0 and earlier are affected by CVE-2021-36004, an out-of-bounds write in the CoolType library that could allow remote code execution. Exploitation requires user interaction (victim opens a malicious file). A patch is available via Adobe APSB21-73; update to a fixed version (e.g.,...

CVSS 8.8 | AI score 8.8 | EPSS 0.02231

CVE
added 2023/07/20 6:23 a.m. | 82 views

CVE-2021-39822

Adobe InDesign (Windows/macOS) 16.3 and 16.3.1 and earlier are affected by CVE-2021-39822, an out-of-bounds write in BMP file parsing that can lead to arbitrary code execution. Exploitation requires user interaction (open a malicious BMP). A fix is available in 16.4.0 or later (per APSB21-73/Ness...

CVSS 7.8 | AI score 7.7 | EPSS 0.00265

CVE
added 2022/09/16 5:20 p.m. | 82 views

CVE-2022-30676

Adobe InDesign 16.x and 17.x are affected by CVE-2022-30676, an out-of-bounds read leading to memory disclosure. Root cause: parsing/memory handling flaw that could bypass ASLR. Exploitation requires user interaction (opening a malicious file) and is described as local with medium base score. Aff...

CVSS 5.5 | AI score 5.2 | EPSS 0.00448

CVE
added 2022/07/15 3:48 p.m. | 81 views

CVE-2022-34246

Adobe InDesign is affected by a heap-based buffer overflow (font parsing) that can lead to arbitrary code execution in the context of the current user. Affects InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier; exploitation requires user interaction (opening a malicious file). Connecte...

CVSS 7.8 | AI score 7.7 | EPSS 0.00463

CVE
added 2017/12/09 6:0 a.m. | 80 views

CVE-2017-11302

CVE-2017-11302 affects Adobe InDesign 12.1.0 and earlier on Windows/macOS, due to an exploitable memory corruption vulnerability that could allow arbitrary code execution. The referenced APSB17-38 advisory states an update fixes the issue; patch to InDesign 13.0.0 or later (critical, CVSS 3.x/10....

CVSS 10 | AI score 9.7 | EPSS 0.0647

CVE
added 2025/03/11 5:43 p.m. | 80 views

CVE-2025-27176

CVE-2025-27176 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) that could crash the app and cause a denial-of-service. The issue requires user interaction (victim must open a malicious file). Connected sources corroborate the vulnerability in InDesign...

CVSS 5.5 | AI score 5.2 | EPSS 0.00229

CVE
added 2022/09/16 5:20 p.m. | 79 views

CVE-2022-30673

Adobe InDesign is affected by CVE-2022-30673: an out-of-bounds read in versions 16.4.2 and earlier and 17.3 and earlier that could disclose memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). A fix is available: update to InDesign 16.4.3 or 17.4 (per APSB22-...

CVSS 5.5 | AI score 5.2 | EPSS 0.00448

CVE
added 2023/01/13 12:0 a.m. | 79 views

CVE-2023-21588

Adobe InDesign is affected by CVE-2023-21588 due to an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user. Affected versions: InDesign 18.0 and earlier, 17.4 and earlier. Exploitation requires user interaction (opening a malicious ...

CVSS 7.8 | AI score 7.7 | EPSS 0.00326

CVE
added 2006/02/02 11:0 a.m. | 78 views

CVE-2006-0525

CVE-2006-0525 affects multiple Adobe products (notably Photoshop CS2, Illustrator CS2, and Adobe Help Center) where a large number of .EXE and .DLL files are installed with write-access for the Everyone group. This local-privilege-escalation vulnerability allows bypassing protections via Trojan h...

CVSS 4.6 | AI score 6.6 | EPSS 0.01325

CVE
added 2022/09/16 5:20 p.m. | 78 views

CVE-2022-38416

CVE-2022-38416 affects Adobe InDesign versions 16.4.2 and earlier, and 17.3 and earlier, with an out-of-bounds read when parsing a crafted file that could allow code execution under the user’s context. Exploitation requires user interaction (opening a malicious file). Public remediation in connec...

CVSS 7.8 | AI score 7.5 | EPSS 0.00392

CVE
added 2023/01/13 12:0 a.m. | 78 views

CVE-2023-21589

Adobe InDesign is affected by a font parsing out-of-bounds write vulnerability (CVE-2023-21589) that could allow arbitrary code execution in the context of the current user. Affected versions include InDesign 18.0 and earlier and 17.4 and earlier; exploitation requires user interaction (opening a...

CVSS 7.8 | AI score 7.8 | EPSS 0.00291

CVE
added 2025/02/11 5:10 p.m. | 78 views

CVE-2025-21157

CVE-2025-21157 concerns Adobe InDesign Desktop. Affected: InDesign ID20.0, ID19.5.1 and earlier. Vulnerability: out-of-bounds write in a component used by these builds, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a mal...

CVSS 7.8 | AI score 7.9 | EPSS 0.00275

CVE
added 2025/03/11 5:43 p.m. | 78 views

CVE-2025-27179

CVE-2025-27179 affects Adobe InDesign Desktop versions ID20.1, ID19.5.2 and earlier and is a NULL Pointer Dereference vulnerability that can cause application denial-of-service. The issue requires user interaction: a victim must open a malicious file, which may crash the application. Connected so...

CVSS 5.5 | AI score 5.3 | EPSS 0.00229

CVE
added 2021/09/29 3:36 p.m. | 77 views

CVE-2021-39821

Adobe InDesign versions 16.3 and earlier (incl. 16.3.1) are affected by an out-of-bounds read in TIFF parsing (CVE-2021-39821) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious TIFF file). A remediation path i...

CVSS 7.8 | AI score 7.6 | EPSS 0.03841

CVE
added 2022/09/16 5:20 p.m. | 77 views

CVE-2022-30674

Concrete details from connected docs show that CVE-2022-30674 is addressed by updating the mingw-expat (XML parser Expat) package to version 2.4.9 in Fedora advisories for FC35–FC37. The Fedora security advisories state that the remote host’s mingw-expat package is vulnerable and that upgrading ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00498

CVE
added 2022/09/16 5:20 p.m. | 76 views

CVE-2022-28852

CVE-2022-28852 affects Adobe InDesign 16.x and 17.x prior to 16.4.3 and 17.4, respectively. It is an out-of-bounds write vulnerability that could enable arbitrary code execution in the current user’s context, and exploitation requires the victim to open a malicious file. Remediation (when publicl...

CVSS 7.8 | AI score 7.8 | EPSS 0.00426

CVE
added 2022/09/16 5:20 p.m. | 76 views

CVE-2022-30675

Adobe InDesign 16.x prior to 16.4.3 and 17.x prior to 17.4 is affected by an out-of-bounds read vulnerability (CVE-2022-30675) that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. Remediation: Adobe APSB22-50 indicates fixes in 16.4.3 and 17.4; update...

CVSS 5.5 | AI score 5.2 | EPSS 0.00448

CVE
added 2023/02/17 12:0 a.m. | 76 views

CVE-2023-21593

CVE-2023-21593 affects Adobe InDesign versions ID18.1 and earlier, and ID17.4 and earlier. The issue is a NULL pointer dereference that can cause an application denial-of-service in the context of the current user. An unauthenticated attacker can exploit it, but user interaction is required (vict...

CVSS 5.5 | AI score 5.1 | EPSS 0.00329

CVE
added 2018/05/19 5:0 p.m. | 75 views

CVE-2018-4928

Adobe InDesign versions 13.0 and below are affected by a memory corruption vulnerability (CVE-2018-4928) that could allow arbitrary code execution in the context of the current user. The issue is documented across multiple feeds (NVD, Nessus/OpenVAS entries) and is triggered via exploiting memory...

CVSS 9.3 | AI score 7.9 | EPSS 0.04418

CVE
added 2022/09/16 5:20 p.m. | 75 views

CVE-2022-28856

CVE-2022-28856 affects Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier. It is described as an out-of-bounds read vulnerability that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires user interaction, specifically that a victim opens a malic...

CVSS 5.5 | AI score 5.2 | EPSS 0.00448

CVE
added 2023/11/16 10:11 a.m. | 75 views

CVE-2023-44347

Summary: CVE-2023-44347 affects Adobe InDesign versions ID18.5 and earlier, and ID17.4.2 and earlier, due to a NULL Pointer Dereference. This causes an application denial-of-service in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The is...

CVSS 5.5 | AI score 5.1 | EPSS 0.00313

CVE
added 2021/06/28 1:42 p.m. | 74 views

CVE-2021-21098

CVE-2021-21098 affects Adobe InDesign 16.0 and earlier. A crafted file parsing leads to an out-of-bounds write, enabling remote code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Public references from NVD/NDA indicate CVSS terms: C...

CVSS 9.3 | AI score 8.7 | EPSS 0.05751

CVE
added 2021/06/28 1:42 p.m. | 74 views

CVE-2021-21099

Adobe InDesign (Windows/macOS) 16.0 and earlier is affected by an out-of-bounds write when parsing crafted files, enabling remote code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Multiple sources (NVD/NIST, CVE records, and...

CVSS 9.3 | AI score 8.7 | EPSS 0.05751

CVE
added 2023/11/16 10:11 a.m. | 74 views

CVE-2023-44341

Adobe InDesign CVE-2023-44341 is a NULL pointer dereference affecting InDesign Desktop: versions ID18.5 and earlier and ID17.4.2 and earlier, enabling an unauthenticated attacker to trigger denial-of-service in the context of the current user when a victim opens a malicious file. The issue requir...

CVSS 5.5 | AI score 5.1 | EPSS 0.00313

Total number of security vulnerabilities: 202