202 matches found
CVE-2022-28831
Adobe InDesign is affected by CVE-2022-28831 (Font Parsing Out-Of-Bounds Write) leading to remote code execution in the context of the current user. Affected versions include 17.1 and earlier, and 16.4.1 and earlier. The vulnerability arises from an out-of-bounds write during font parsing and req...
CVE-2024-20766
Summary: CVE-2024-20766 affects Adobe InDesign Desktop (versions 18.5.1, 19.2 and earlier) with an out-of-bounds read that can disclose memory and bypass certain mitigations (ASLR). Exploitation requires user interaction (victim opens a malicious file). References consistently describe this as an...
CVE-2022-34245
CVE-2022-34245 affects Adobe InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier. The issue is a heap-based buffer overflow in font parsing that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). A...
CVE-2022-34248
CVE-2022-34248 affects Adobe InDesign 17.2.1 and earlier and 16.4.1 and earlier. It is an out-of-bounds read vulnerability triggered while parsing a crafted file, potentially allowing code execution in the user’s context; exploitation requires user interaction (opening a malicious file). The init...
CVE-2020-24421
CVE-2020-24421 affects Adobe InDesign 15.1.2 and earlier. A NULL pointer dereference when processing a malformed .indd file leads to client denial-of-service; exploitation requires user interaction. Public references in the connected docs point to Adobe APSB20-66. Remediation details are present ...
CVE-2021-40727
Adobe InDesign (Windows/macOS) versions prior to 16.4.0 are affected by CVE-2021-40727 (Access of Memory Location After End of Buffer) as part of APSB21-73. The issue, triggered during parsing of TIFF input, is described across multiple third‑party advisories as a boundary/overflow condition that...
CVE-2022-30660
CVE-2022-30660 affects Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier). It is an out-of-bounds write vulnerability that could permit arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Connected...
CVE-2022-30662
Adobe InDesign on Windows/macOS is affected by CVE-2022-30662 (and related CVEs) due to an out-of-bounds write in the font parsing or related components, allowing arbitrary code execution in the context of the current user when a victim opens a malicious file. The issue requires user interaction ...
CVE-2021-42732
CVE-2021-42732 is linked to Adobe InDesign and is described as Access of Memory Location After End of Buffer (CWE-788). Connected documents indicate this issue is part of the APSB21-107 advisory affecting InDesign versions prior to 17.0.0 (notably 16.x and earlier). The CVSSv3.1 data from the NVD...
CVE-2022-28833
Adobe InDesign is affected by CVE-2022-28833 (out-of-bounds write) in versions 17.1 and earlier and 16.4.1 and earlier. The vulnerability could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). Affected platforms i...
CVE-2022-30661
Adobe InDesign (Windows/macOS) versions 17.2.1 and earlier, and 16.4.1 and earlier, are affected by a heap-based buffer overflow that could enable arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Context: CVE-2022-30661 (and rel...
CVE-2022-30665
CVE-2022-30665 affects Adobe InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier, due to an out‑of‑bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Multiple connected sou...
CVE-2022-28832
Adobe InDesign (versions 17.1 and earlier, and 16.4.1 and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, potentially allowing code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). The issue is documented ...
CVE-2022-30663
CVE-2022-30663 in Adobe InDesign is caused by an out-of-bounds write in SVG file parsing that could allow arbitrary code execution in the context of the current user. Affected versions: InDesign 17.2.1 and earlier, and 16.4.1 and earlier. Exploitation requires user interaction (the victim must ope...
CVE-2023-21587
Adobe InDesign is affected by a heap-based buffer overflow (CVE-2023-21587) that could allow arbitrary code execution in the context of the current user. Affected versions include InDesign 18.0 and earlier, and 17.4 and earlier; exploitation requires user interaction (opening a malicious file). T...
CVE-2021-39820
CVE-2021-39820 affects Adobe InDesign versions 16.3 (and earlier) and 16.3.1 (and earlier). The vulnerability is an out‑of‑bounds write caused by insecure handling of a malicious TIFF file, which could allow arbitrary code execution in the context of the current user. Exploitation requires user i...
CVE-2023-21590
Adobe InDesign is affected by an out-of-bounds write vulnerability (CVE-2023-21590) in versions 18.0 and earlier, and 17.4 and earlier. The issue could allow arbitrary code execution and requires user interaction (opening a malicious file). Affected components: InDesign font parsing/out-of-bounds...
CVE-2022-34247
CVE-2022-34247 affects Adobe InDesign, specifically versions 17.2.1 and earlier and 16.4.1 and earlier. The issue is a font parsing out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). ...
CVE-2025-27177
Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by a heap-based buffer overflow (CVE-2025-27177) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected versions and roo...
CVE-2021-42731
Adobe InDesign 16.4 and earlier are affected by a Buffer Overflow when parsing a specially crafted file, allowing arbitrary code execution in the user’s context. Exploitation requires user interaction (victim must open a malicious file). Several connected sources corroborate CVE-2021-42731 and re...
CVE-2024-41836
Summary of CVE-2024-41836 (InDesign Desktop): A NULL pointer dereference in InDesign Desktop versions ID18.5.2, ID19.3 and earlier can crash the application, leading to a DoS. Exploitation requires user interaction (victim opens a malicious file). The issue is documented across multiple sour...
CVE-2025-27178
Adobe InDesign Desktop (versions ID20.1, ID19.5.2 and earlier) is affected by an out-of-bounds write vulnerability (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file, i.e., user interaction is required. Affect...
CVE-2022-30658
Adobe InDesign is affected by CVE-2022-30658 (Heap-based Buffer Overflow) across versions 17.2.1 and earlier and 16.4.1 and earlier, enabling arbitrary code execution in the context of the current user if a malicious file is opened. Exploitation requires user interaction. Updated patches are avai...
CVE-2022-30659
Adobe InDesign (versions 17.2.1 and earlier; 16.4.1 and earlier) contains an out-of-bounds write vulnerability that could lead to arbitrary code execution in the current user context. Exploitation requires user interaction (open a malicious file). Remediation: update to 16.4.2 or 17.3.0 (APSB22-3...
CVE-2023-21591
Adobe InDesign is affected by a Font Parsing Out-Of-Bounds Read vulnerability (CVE-2023-21591) in which an out-of-bounds read could disclose memory and bypass ASLR. Affected versions: 18.0 and earlier, 17.4 and earlier. Exploitation requires user interaction (opening a crafted file). Remediation:...
CVE-2019-7107
CVE-2019-7107 affects Adobe InDesign ≤14.0.1, due to an unsafe hyperlink processing vulnerability that could lead to arbitrary code execution. The issue is mitigated by applying updates to InDesign 13.1.1 or 14.0.2. Connected sources corroborate the vulnerability, its impact (arbitrary code execu...
CVE-2021-36004
Adobe InDesign 16.0 and earlier are affected by CVE-2021-36004, an out-of-bounds write in the CoolType library that could allow remote code execution. Exploitation requires user interaction (victim opens a malicious file). A patch is available via Adobe APSB21-73; update to a fixed version (e.g.,...
CVE-2021-39822
Adobe InDesign (Windows/macOS) 16.3 and 16.3.1 and earlier are affected by CVE-2021-39822, an out-of-bounds write in BMP file parsing that can lead to arbitrary code execution. Exploitation requires user interaction (open a malicious BMP). A fix is available in 16.4.0 or later (per APSB21-73/Ness...
CVE-2022-30676
Adobe InDesign 16.x and 17.x are affected by CVE-2022-30676, an out-of-bounds read leading to memory disclosure. Root cause: parsing/memory handling flaw that could bypass ASLR. Exploitation requires user interaction (opening a malicious file) and is described as local with medium base score. Aff...
CVE-2022-34246
Adobe InDesign is affected by a heap-based buffer overflow (font parsing) that can lead to arbitrary code execution in the context of the current user. Affects InDesign versions 17.2.1 and earlier, and 16.4.1 and earlier; exploitation requires user interaction (opening a malicious file). Connecte...
CVE-2017-11302
CVE-2017-11302 affects Adobe InDesign 12.1.0 and earlier on Windows/macOS, due to an exploitable memory corruption vulnerability that could allow arbitrary code execution. The referenced APSB17-38 advisory states an update fixes the issue; patch to InDesign 13.0.0 or later (critical, CVSS 3.x/10....
CVE-2025-27176
CVE-2025-27176 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) that could crash the app and cause a denial-of-service. The issue requires user interaction (victim must open a malicious file). Connected sources corroborate the vulnerability in InDesign...
CVE-2022-30673
Adobe InDesign is affected by CVE-2022-30673: an out-of-bounds read in versions 16.4.2 and earlier and 17.3 and earlier that could disclose memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). A fix is available: update to InDesign 16.4.3 or 17.4 (per APSB22-...
CVE-2023-21588
Adobe InDesign is affected by CVE-2023-21588 due to an Improper Input Validation vulnerability that could allow arbitrary code execution in the context of the current user. Affected versions: InDesign 18.0 and earlier, 17.4 and earlier. Exploitation requires user interaction (opening a malicious ...
CVE-2006-0525
CVE-2006-0525 affects multiple Adobe products (notably Photoshop CS2, Illustrator CS2, and Adobe Help Center) where a large number of .EXE and .DLL files are installed with write-access for the Everyone group. This local-privilege-escalation vulnerability allows bypassing protections via Trojan h...
CVE-2022-38416
CVE-2022-38416 affects Adobe InDesign versions 16.4.2 and earlier, and 17.3 and earlier, with an out-of-bounds read when parsing a crafted file that could allow code execution under the user’s context. Exploitation requires user interaction (opening a malicious file). Public remediation in connec...
CVE-2023-21589
Adobe InDesign is affected by a font parsing out-of-bounds write vulnerability (CVE-2023-21589) that could allow arbitrary code execution in the context of the current user. Affected versions include InDesign 18.0 and earlier and 17.4 and earlier; exploitation requires user interaction (opening a...
CVE-2025-21157
CVE-2025-21157 concerns Adobe InDesign Desktop. Affected: InDesign ID20.0, ID19.5.1 and earlier. Vulnerability: out-of-bounds write in a component used by these builds, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a mal...
CVE-2025-27179
CVE-2025-27179 affects Adobe InDesign Desktop versions ID20.1, ID19.5.2 and earlier and is a NULL Pointer Dereference vulnerability that can cause application denial-of-service. The issue requires user interaction: a victim must open a malicious file, which may crash the application. Connected so...
CVE-2021-39821
Adobe InDesign versions 16.3 and earlier (incl. 16.3.1) are affected by an out-of-bounds read in TIFF parsing (CVE-2021-39821) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious TIFF file). A remediation path i...
CVE-2022-30674
Concrete details from connected docs show that CVE-2022-30674 is addressed by updating the mingw-expat (XML parser Expat) package to version 2.4.9 in Fedora advisories for FC35–FC37. The Fedora security advisories state that the remote host’s mingw-expat package is vulnerable and that upgrading ...
CVE-2022-28852
CVE-2022-28852 affects Adobe InDesign 16.x and 17.x prior to 16.4.3 and 17.4, respectively. It is an out-of-bounds write vulnerability that could enable arbitrary code execution in the current user’s context, and exploitation requires the victim to open a malicious file. Remediation (when publicl...
CVE-2022-30675
Adobe InDesign 16.x prior to 16.4.3 and 17.x prior to 17.4 is affected by an out-of-bounds read vulnerability (CVE-2022-30675) that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. Remediation: Adobe APSB22-50 indicates fixes in 16.4.3 and 17.4; update...
CVE-2023-21593
CVE-2023-21593 affects Adobe InDesign versions ID18.1 and earlier, and ID17.4 and earlier. The issue is a NULL pointer dereference that can cause an application denial-of-service in the context of the current user. An unauthenticated attacker can exploit it, but user interaction is required (vict...
CVE-2018-4928
Adobe InDesign versions 13.0 and below are affected by a memory corruption vulnerability (CVE-2018-4928) that could allow arbitrary code execution in the context of the current user. The issue is documented across multiple feeds (NVD, Nessus/OpenVAS entries) and is triggered via exploiting memory...
CVE-2022-28856
CVE-2022-28856 affects Adobe InDesign versions 16.4.2 and earlier and 17.3 and earlier. It is described as an out-of-bounds read vulnerability that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires user interaction, specifically that a victim opens a malic...
CVE-2023-44347
Summary: CVE-2023-44347 affects Adobe InDesign versions ID18.5 and earlier, and ID17.4.2 and earlier, due to a NULL Pointer Dereference. This causes an application denial-of-service in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The is...
CVE-2021-21098
CVE-2021-21098 affects Adobe InDesign 16.0 and earlier. Parsing a crafted file leads to an out-of-bounds write, enabling remote code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Public references from NVD/NDA indicate CVSS terms: C...
CVE-2021-21099
Adobe InDesign (Windows/macOS) 16.0 and earlier is affected by an out-of-bounds write when parsing crafted files, enabling remote code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Multiple sources (NVD/NIST, CVE records, and...
CVE-2023-44341
Adobe InDesign CVE-2023-44341 is a NULL pointer dereference affecting InDesign Desktop: versions ID18.5 and earlier and ID17.4.2 and earlier, enabling an unauthenticated attacker to trigger denial-of-service in the context of the current user when a victim opens a malicious file. The issue requir...