106 matches found
CVE-2024-20766
Summary: CVE-2024-20766 affects Adobe InDesign Desktop (versions 18.5.1, 19.2 and earlier) with an out-of-bounds read that can disclose memory and bypass certain mitigations (ASLR). Exploitation requires user interaction (victim opens a malicious file). References consistently describe this as an...
CVE-2025-27177
Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by a heap-based buffer overflow (CVE-2025-27177) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected versions and roo...
CVE-2024-41836
Summary of CVE-2024-41836 (InDesign Desktop) : A NULL pointer dereference in InDesign Desktop for versions ID18.5.2, ID19.3 and earlier can crash the application, leading to a DoS. Exploitation requires user interaction (victim opens a malicious file). The issue is documented across multiple sour...
CVE-2025-27178
Adobe InDesign Desktop (IDs ID20.1, ID19.5.2 and earlier) is affected by an out-of-bounds write vulnerability (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file, i.e., user interaction is required. Affect...
CVE-2025-27176
CVE-2025-27176 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) that could crash the app and cause a denial-of-service. The issue requires user interaction (victim must open a malicious file). Connected sources corroborate the vulnerability in InDesign...
CVE-2025-21157
CVE-2025-21157 concerns Adobe InDesign Desktop. Affected: InDesign ID20.0, ID19.5.1 and earlier. Vulnerability: out-of-bounds write in a component used by these builds, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a mal...
CVE-2025-27179
CVE-2025-27179 affects Adobe InDesign Desktop versions ID20.1, ID19.5.2 and earlier and is a NULL Pointer Dereference vulnerability that can cause application denial-of-service. The issue requires user interaction: a victim must open a malicious file, which may crash the application. Connected so...
CVE-2025-21121
Adobe InDesign Desktop (IDs 20.0, 19.5.1 and earlier) is affected by an out-of-bounds write vulnerability (CVE-2025-21121) that could enable arbitrary code execution in the current user context. Exploitation requires user interaction: a victim must open a malicious file. The issue is classified w...
CVE-2024-20781
Summary: Adobe InDesign Desktop (ID18.5.2, ID19.3 and earlier) is affected by a heap-based buffer overflow that could enable arbitrary code execution in the user’s context. Exploitation requires a user to open a malicious file. Connected advisories (APSB24-48) indicate a security update is availa...
CVE-2025-21125
CVE-2025-21125 affects Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier). Root cause: NULL pointer dereference leading to application denial-of-service. Exploitation requires user interaction (victim opens a malicious file). Affected products/versions are stated in the CVE entry and corrobora...
CVE-2025-24453
CVE-2025-24453 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) with a heap-based buffer overflow that can lead to arbitrary code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). Several sources corroborate this issue and note affect...
CVE-2025-21123
CVE-2025-21123 affects Adobe InDesign Desktop (IDs 20.0, 19.5.1 and earlier). The issue is a heap-based buffer overflow in the application that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. P...
CVE-2025-21126
The CVE-2025-21126 case concerns Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier) with an Improper Input Validation vulnerability that can cause an application crash and denial of service. Documents consistently describe the issue as requiring user interaction (victim opens a malicious file)...
CVE-2025-21158
CVE-2025-21158 affects Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier). Root cause: integer underflow (wrap/wraparound) in a local-execution path that, with user interaction (open a malicious file), could lead to arbitrary code execution in the current user context. Affected component is In...
CVE-2025-21124
Adobe InDesign CVE-2025-21124 affects InDesign Desktop versions ID20.0, ID19.5.1 and earlier with an out-of-bounds read vulnerability that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected product/...
CVE-2024-41851
Summary (CVE-2024-41851): Adobe InDesign Desktop (ID19.4, ID18.5.2 and earlier) is affected by an Integer Overflow/Wraparound in parsing certain files, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a malicious file). Affected pr...
CVE-2024-49507
Adobe InDesign Desktop (ID18.5.2, ID19.5 and earlier) is affected by a heap-based buffer overflow that can allow arbitrary code execution in the current user’s context. Exploitation requires user interaction (opening a malicious file). APSB24-88 and related advisories indicate updates to fixed bu...
CVE-2024-41850
CVE-2024-41850 is a vulnerability in Adobe InDesign Desktop, affecting versions ID19.4, ID18.5.2 and earlier. The issue is described as a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user, with exploitation requiring user interaction (the vict...
CVE-2024-41852
CVE-2024-41852 affects Adobe InDesign Desktop for Windows, specifically ID19.4, ID18.5.2 and earlier. It is a stack-based buffer overflow that can enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The CV...
CVE-2026-21358
Adobe InDesign Desktop (versions 21.1, 20.5.1 and earlier) is affected by a heap-based buffer overflow that could crash the application (DoS) when a user opens a malicious file. Exploitation requires user interaction; attack vector is local with low complexity and no privileges, yielding a high a...
CVE-2024-20782
Summary: Adobe InDesign Desktop vulnerable to an out-of-bounds write (affecting ID19.3, ID18.5.2 and earlier) that could lead to arbitrary code execution in the context of the current user. Attack prerequisite: user must open a malicious file. Impact: arbitrary code execution, under the user’s pr...
CVE-2024-34127
Adobe InDesign Desktop: CVE-2024-34127 is an out-of-bounds read vulnerability in TIF file parsing affecting ID19.4, ID18.5.2 and earlier. Root cause is an out-of-bounds read that could disclose memory and bypass ASLR; exploitation requires user interaction (open a malicious file). Impact is memor...
CVE-2024-39390
Adobe InDesign Desktop prior to 18.5.3 and 19.0+ (ID19.4, ID18.5.2 and earlier) is affected by an out-of-bounds write that could allow arbitrary code execution with the user’s context after opening a malicious file. The advisory APSB24-56 and related advisories indicate updates are available to f...
CVE-2025-24452
CVE-2025-24452 affects Adobe InDesign Desktop (IDs ID20.1, ID19.5.2 and earlier) and is caused by an out-of-bounds write in a vulnerable component, enabling arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). Ver...
CVE-2024-20783
CVE-2024-20783 affects Adobe InDesign Desktop: ID19.3, ID18.5.2 and earlier. Affected component is a heap-based buffer overflow in InDesign that can lead to arbitrary code execution in the context of the current user when a victim opens a malicious file. Exploit requires user interaction (opening...
CVE-2024-49508
CVE-2024-49508 concerns InDesign Desktop. Affected: ID18.5.2, ID19.5 and earlier. Issue: a heap-based buffer overflow that can allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). Connected sources confirm the vuln...
CVE-2024-20785
Adobe InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user when a victim opens a malicious file. Exploitation requires user interaction (open of a crafted file). Affected pr...
CVE-2024-39393
Adobe InDesign Desktop (ID19.4, ID18.5.2 and earlier) is affected by CVE-2024-39393 due to an out-of-bounds read while parsing crafted files, potentially allowing code execution in the caller’s context. Exploitation requires user interaction (victim opens a malicious file). Affected versions are ...
CVE-2024-49529
CVE-2024-49529 affects Adobe InDesign Desktop versions 19.0, 20.0 and earlier with an out-of-bounds read that could disclose memory and bypass ASLR. Exploitation requires user interaction (open a malicious file). Public detail from multiple sources confirms this is a memory-leak/Out-of-bounds Rea...
CVE-2025-27171
CVE-2025-27171 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier). The issue is a heap-based buffer overflow in InDesign components that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the user must open a malicious file)...
CVE-2024-39391
CVE-2024-39391 affects Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier. The issue is an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Multiple connected so...
CVE-2024-41853
CVE-2024-41853 – Adobe InDesign Desktop : A heap-based buffer overflow in InDesign Desktop (IDs ID19.4, ID18.5.2 and earlier) could allow arbitrary code execution in the user’s context. Exploitation requires user interaction—opening a malicious file. The CVSSv3.1 base score is 7.8 (High) with loc...
CVE-2025-27175
CVE-2025-27175 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier). The issue is an out-of-bounds write in InDesign’s handling of a file, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...
CVE-2024-39394
Adobe InDesign Desktop (Windows/macOS) versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability (CVE-2024-39394) that could enable arbitrary code execution in the current user context. Exploitation requires the user to open a malicious file. A security update is ...
CVE-2025-27166
Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by CVE-2025-27166: an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Mitigation: Adobe’s APSB25-19 security updat...
CVE-2024-41866
Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could crash the application and cause a denial-of-service. Exploitation requires user interaction (victim opens a malicious file). The issue is listed among APSB24-56 and ass...
CVE-2024-49511
CVE-2024-49511 describes an out-of-bounds read in Adobe InDesign Desktop for ID18.5.3, ID19.5, and earlier, which can disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). Connected documents confirm affected versions and the vulnerability c...
CVE-2025-43590
CVE-2025-43590 affects Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier, due to an out-of-bounds write that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). Multiple sources (inclu...
CVE-2024-39389
CVE-2024-39389 (InDesign) affects InDesign Desktop ID19.4, ID18.5.2 and earlier. It is a stack-based buffer overflow in PDF file parsing that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Adobe’s AP...
CVE-2024-39395
CVE-2024-39395 affects Adobe InDesign Desktop up to ID19.4 and ID18.5.2 and earlier, due to a NULL Pointer Dereference that can crash the application and cause a DoS. Exploitation requires user interaction, as a victim must open a malicious file. The vulnerability is listed with a CVSS v3.1 base ...
CVE-2024-49509
Adobe InDesign Desktop (ID18.5.3, ID19.5 and earlier) is affected by a heap-based buffer overflow (CWE-122) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. The issue is addressed in APSB24-88 with security upda...
CVE-2025-43558
The CVE-2025-43558 entry applies to Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier, with an out-of-bounds write vulnerability that could allow arbitrary code execution in the user’s context. Exploitation requires user interaction (victim must open a specially crafted file). The issu...
CVE-2024-41854
Adobe InDesign CVE-2024-41854 describes an out-of-bounds read vulnerability in InDesign Desktop (IDs 19.4, 18.5.2 and earlier) that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. The issue is cited in multiple sources (APSB24-56 advisory; Nessus desc...
CVE-2024-45137
CVE-2024-45137 affects Adobe InDesign Desktop versions 19.4, 18.5.3 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type that could allow an attacker to achieve arbitrary code execution when a malicious file is uploaded and executed. Exploitation requires user interaction....
CVE-2025-43593
Summary (CVE-2025-43593) : InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Multiple connected ...
CVE-2025-30321
CVE-2025-30321 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.2, ID19.5.3 and earlier) that can lead to application denial-of-service. The issue requires user interaction: a victim must open a malicious file. Connected advisories confirm multiple in-effect vulnerabilities an...
CVE-2024-49510
CVE-2024-49510 is an out-of-bounds read vulnerability in Adobe InDesign Desktop versions ID18.5.3, ID19.5 and earlier, capable of memory disclosure and potential ASLR bypass. Exploitation requires the victim to open a malicious file, with local attack vector. Connected sources corroborate the con...
CVE-2024-49512
CVE-2024-49512 affects Adobe InDesign Desktop (ID18.5.3, ID19.5 and earlier). It is an out-of-bounds read that could disclose memory and bypass ASLR; exploitation requires a user to open a malicious file. Connected sources confirm affected versions and impact; remediation is Adobe APSB24-88 secur...
CVE-2025-30317
InDesign Desktop (ID20.2, ID19.5.3 and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Several connected sources corroborate...
CVE-2025-43589
Summary: CVE-2025-43589 affects Adobe InDesign Desktop, specifically versions ID20.2, ID19.5.3 and earlier. The issue is a Use-After-Free vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a mali...