Lucene search
K

106 matches found

CVE
CVE
added 2024/04/10 12:48 p.m.147 views

CVE-2024-20766

Summary: CVE-2024-20766 affects Adobe InDesign Desktop (versions 18.5.1, 19.2 and earlier) with an out-of-bounds read that can disclose memory and bypass certain mitigations (ASLR). Exploitation requires user interaction (victim opens a malicious file). References consistently describe this as an...

5.5CVSS5.8AI score0.00337EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.89 views

CVE-2025-27177

Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by a heap-based buffer overflow (CVE-2025-27177) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Affected versions and roo...

7.8CVSS7.8AI score0.00315EPSS
CVE
CVE
added 2024/07/23 11:34 a.m.86 views

CVE-2024-41836

Summary of CVE-2024-41836 (InDesign Desktop) : A NULL pointer dereference in InDesign Desktop for versions ID18.5.2, ID19.3 and earlier can crash the application, leading to a DoS. Exploitation requires user interaction (victim opens a malicious file). The issue is documented across multiple sour...

5.5CVSS5.5AI score0.00206EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.86 views

CVE-2025-27178

Adobe InDesign Desktop (IDs ID20.1, ID19.5.2 and earlier) is affected by an out-of-bounds write vulnerability (CWE-787) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file, i.e., user interaction is required. Affect...

7.8CVSS7.8AI score0.00257EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.81 views

CVE-2025-27176

CVE-2025-27176 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) that could crash the app and cause a denial-of-service. The issue requires user interaction (victim must open a malicious file). Connected sources corroborate the vulnerability in InDesign...

5.5CVSS5.2AI score0.00229EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.79 views

CVE-2025-21157

CVE-2025-21157 concerns Adobe InDesign Desktop. Affected: InDesign ID20.0, ID19.5.1 and earlier. Vulnerability: out-of-bounds write in a component used by these builds, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a mal...

7.8CVSS7.9AI score0.00275EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.79 views

CVE-2025-27179

CVE-2025-27179 affects Adobe InDesign Desktop versions ID20.1, ID19.5.2 and earlier and is a NULL Pointer Dereference vulnerability that can cause application denial-of-service. The issue requires user interaction: a victim must open a malicious file, which may crash the application. Connected so...

5.5CVSS5.3AI score0.00229EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.75 views

CVE-2025-21121

Adobe InDesign Desktop (IDs 20.0, 19.5.1 and earlier) is affected by an out-of-bounds write vulnerability (CVE-2025-21121) that could enable arbitrary code execution in the current user context. Exploitation requires user interaction: a victim must open a malicious file. The issue is classified w...

7.8CVSS7.9AI score0.00259EPSS
CVE
CVE
added 2024/07/09 7:18 p.m.73 views

CVE-2024-20781

Summary: Adobe InDesign Desktop (ID18.5.2, ID19.3 and earlier) is affected by a heap-based buffer overflow that could enable arbitrary code execution in the user’s context. Exploitation requires a user to open a malicious file. Connected advisories (APSB24-48) indicate a security update is availa...

7.8CVSS7.8AI score0.0034EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.73 views

CVE-2025-21125

CVE-2025-21125 affects Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier). Root cause: NULL pointer dereference leading to application denial-of-service. Exploitation requires user interaction (victim opens a malicious file). Affected products/versions are stated in the CVE entry and corrobora...

5.5CVSS5.5AI score0.00246EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.70 views

CVE-2025-24453

CVE-2025-24453 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) with a heap-based buffer overflow that can lead to arbitrary code execution in the user’s context. Exploitation requires user interaction (opening a malicious file). Several sources corroborate this issue and note affect...

7.8CVSS7.8AI score0.00315EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.69 views

CVE-2025-21123

CVE-2025-21123 affects Adobe InDesign Desktop (IDs 20.0, 19.5.1 and earlier). The issue is a heap-based buffer overflow in the application that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. P...

7.8CVSS7.8AI score0.00335EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.69 views

CVE-2025-21126

The CVE-2025-21126 case concerns Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier) with an Improper Input Validation vulnerability that can cause an application crash and denial of service. Documents consistently describe the issue as requiring user interaction (victim opens a malicious file)...

5.5CVSS5.5AI score0.0024EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.69 views

CVE-2025-21158

CVE-2025-21158 affects Adobe InDesign Desktop (ID20.0, ID19.5.1 and earlier). Root cause: integer underflow (wrap/wraparound) in a local-execution path that, with user interaction (open a malicious file), could lead to arbitrary code execution in the current user context. Affected component is In...

7.8CVSS7.8AI score0.00305EPSS
CVE
CVE
added 2025/02/11 5:10 p.m.68 views

CVE-2025-21124

Adobe InDesign CVE-2025-21124 affects InDesign Desktop versions ID20.0, ID19.5.1 and earlier with an out-of-bounds read vulnerability that could disclose sensitive memory and bypass mitigations such as ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected product/...

5.5CVSS5.3AI score0.00276EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.67 views

CVE-2024-41851

Summary (CVE-2024-41851): Adobe InDesign Desktop (ID19.4, ID18.5.2 and earlier) is affected by an Integer Overflow/Wraparound in parsing certain files, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (open a malicious file). Affected pr...

7.8CVSS7.8AI score0.00335EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.67 views

CVE-2024-49507

Adobe InDesign Desktop (ID18.5.2, ID19.5 and earlier) is affected by a heap-based buffer overflow that can allow arbitrary code execution in the current user’s context. Exploitation requires user interaction (opening a malicious file). APSB24-88 and related advisories indicate updates to fixed bu...

7.8CVSS7.8AI score0.00461EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.66 views

CVE-2024-41850

CVE-2024-41850 is a vulnerability in Adobe InDesign Desktop, affecting versions ID19.4, ID18.5.2 and earlier. The issue is described as a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user, with exploitation requiring user interaction (the vict...

7.8CVSS7.8AI score0.00361EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.66 views

CVE-2024-41852

CVE-2024-41852 affects Adobe InDesign Desktop for Windows, specifically ID19.4, ID18.5.2 and earlier. It is a stack-based buffer overflow that can enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The CV...

7.8CVSS7.8AI score0.00361EPSS
CVE
CVE
added 2026/02/10 5:59 p.m.66 views

CVE-2026-21358

Adobe InDesign Desktop (versions 21.1, 20.5.1 and earlier) is affected by a heap-based buffer overflow that could crash the application (DoS) when a user opens a malicious file. Exploitation requires user interaction; attack vector is local with low complexity and no privileges, yielding a high a...

5.5CVSS5.5AI score0.00154EPSS
CVE
CVE
added 2024/07/09 7:18 p.m.65 views

CVE-2024-20782

Summary: Adobe InDesign Desktop vulnerable to an out-of-bounds write (affecting ID19.3, ID18.5.2 and earlier) that could lead to arbitrary code execution in the context of the current user. Attack prerequisite: user must open a malicious file. Impact: arbitrary code execution, under the user’s pr...

7.8CVSS7.8AI score0.00292EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.65 views

CVE-2024-34127

Adobe InDesign Desktop: CVE-2024-34127 is an out-of-bounds read vulnerability in TIF file parsing affecting ID19.4, ID18.5.2 and earlier. Root cause is an out-of-bounds read that could disclose memory and bypass ASLR; exploitation requires user interaction (open a malicious file). Impact is memor...

5.5CVSS5.1AI score0.00304EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.65 views

CVE-2024-39390

Adobe InDesign Desktop prior to 18.5.3 and 19.0+ (ID19.4, ID18.5.2 and earlier) is affected by an out-of-bounds write that could allow arbitrary code execution with the user’s context after opening a malicious file. The advisory APSB24-56 and related advisories indicate updates are available to f...

7.8CVSS7.9AI score0.00295EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.65 views

CVE-2025-24452

CVE-2025-24452 affects Adobe InDesign Desktop (IDs ID20.1, ID19.5.2 and earlier) and is caused by an out-of-bounds write in a vulnerable component, enabling arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file (user interaction). Ver...

7.8CVSS7.9AI score0.00277EPSS
CVE
CVE
added 2024/07/09 7:18 p.m.64 views

CVE-2024-20783

CVE-2024-20783 affects Adobe InDesign Desktop: ID19.3, ID18.5.2 and earlier. Affected component is a heap-based buffer overflow in InDesign that can lead to arbitrary code execution in the context of the current user when a victim opens a malicious file. Exploit requires user interaction (opening...

7.8CVSS7.8AI score0.00361EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.64 views

CVE-2024-49508

CVE-2024-49508 concerns InDesign Desktop. Affected: ID18.5.2, ID19.5 and earlier. Issue: a heap-based buffer overflow that can allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). Connected sources confirm the vuln...

7.8CVSS7.8AI score0.00461EPSS
CVE
CVE
added 2024/07/09 7:18 p.m.63 views

CVE-2024-20785

Adobe InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user when a victim opens a malicious file. Exploitation requires user interaction (open of a crafted file). Affected pr...

7.8CVSS7.8AI score0.00361EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.63 views

CVE-2024-39393

Adobe InDesign Desktop (ID19.4, ID18.5.2 and earlier) is affected by CVE-2024-39393 due to an out-of-bounds read while parsing crafted files, potentially allowing code execution in the caller’s context. Exploitation requires user interaction (victim opens a malicious file). Affected versions are ...

7.8CVSS7.5AI score0.00332EPSS
CVE
CVE
added 2024/11/21 4:35 p.m.63 views

CVE-2024-49529

CVE-2024-49529 affects Adobe InDesign Desktop versions 19.0, 20.0 and earlier with an out-of-bounds read that could disclose memory and bypass ASLR. Exploitation requires user interaction (open a malicious file). Public detail from multiple sources confirms this is a memory-leak/Out-of-bounds Rea...

5.5CVSS5.3AI score0.00277EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.63 views

CVE-2025-27171

CVE-2025-27171 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier). The issue is a heap-based buffer overflow in InDesign components that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the user must open a malicious file)...

7.8CVSS7.8AI score0.00312EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.62 views

CVE-2024-39391

CVE-2024-39391 affects Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier. The issue is an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Multiple connected so...

7.8CVSS7.9AI score0.00301EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.62 views

CVE-2024-41853

CVE-2024-41853 – Adobe InDesign Desktop : A heap-based buffer overflow in InDesign Desktop (IDs ID19.4, ID18.5.2 and earlier) could allow arbitrary code execution in the user’s context. Exploitation requires user interaction—opening a malicious file. The CVSSv3.1 base score is 7.8 (High) with loc...

7.8CVSS7.8AI score0.00361EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.62 views

CVE-2025-27175

CVE-2025-27175 affects Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier). The issue is an out-of-bounds write in InDesign’s handling of a file, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...

7.8CVSS7.8AI score0.00258EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.61 views

CVE-2024-39394

Adobe InDesign Desktop (Windows/macOS) versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability (CVE-2024-39394) that could enable arbitrary code execution in the current user context. Exploitation requires the user to open a malicious file. A security update is ...

7.8CVSS7.9AI score0.00295EPSS
CVE
CVE
added 2025/03/11 5:43 p.m.60 views

CVE-2025-27166

Adobe InDesign Desktop (ID20.1, ID19.5.2 and earlier) is affected by CVE-2025-27166: an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Mitigation: Adobe’s APSB25-19 security updat...

7.8CVSS7.8AI score0.00258EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.59 views

CVE-2024-41866

Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could crash the application and cause a denial-of-service. Exploitation requires user interaction (victim opens a malicious file). The issue is listed among APSB24-56 and ass...

5.5CVSS5.3AI score0.00262EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.59 views

CVE-2024-49511

CVE-2024-49511 describes an out-of-bounds read in Adobe InDesign Desktop for ID18.5.3, ID19.5, and earlier, which can disclose sensitive memory and bypass ASLR. Exploitation requires user interaction (opening a malicious file). Connected documents confirm affected versions and the vulnerability c...

5.5CVSS5.1AI score0.00283EPSS
CVE
CVE
added 2025/06/10 4:22 p.m.59 views

CVE-2025-43590

CVE-2025-43590 affects Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier, due to an out-of-bounds write that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). Multiple sources (inclu...

7.8CVSS7.8AI score0.00228EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.58 views

CVE-2024-39389

CVE-2024-39389 (InDesign) affects InDesign Desktop ID19.4, ID18.5.2 and earlier. It is a stack-based buffer overflow in PDF file parsing that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Adobe’s AP...

7.8CVSS7.8AI score0.00365EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.58 views

CVE-2024-39395

CVE-2024-39395 affects Adobe InDesign Desktop up to ID19.4 and ID18.5.2 and earlier, due to a NULL Pointer Dereference that can crash the application and cause a DoS. Exploitation requires user interaction, as a victim must open a malicious file. The vulnerability is listed with a CVSS v3.1 base ...

5.5CVSS5.3AI score0.00271EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.58 views

CVE-2024-49509

Adobe InDesign Desktop (ID18.5.3, ID19.5 and earlier) is affected by a heap-based buffer overflow (CWE-122) that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. The issue is addressed in APSB24-88 with security upda...

7.8CVSS7.8AI score0.00435EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.58 views

CVE-2025-43558

The CVE-2025-43558 entry applies to Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier, with an out-of-bounds write vulnerability that could allow arbitrary code execution in the user’s context. Exploitation requires user interaction (victim must open a specially crafted file). The issu...

7.8CVSS7.8AI score0.00228EPSS
CVE
CVE
added 2024/08/14 3:5 p.m.57 views

CVE-2024-41854

Adobe InDesign CVE-2024-41854 describes an out-of-bounds read vulnerability in InDesign Desktop (IDs 19.4, 18.5.2 and earlier) that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. The issue is cited in multiple sources (APSB24-56 advisory; Nessus desc...

5.5CVSS5.1AI score0.00301EPSS
CVE
CVE
added 2024/10/09 2:18 p.m.56 views

CVE-2024-45137

CVE-2024-45137 affects Adobe InDesign Desktop versions 19.4, 18.5.3 and earlier. The issue is an Unrestricted Upload of File with Dangerous Type that could allow an attacker to achieve arbitrary code execution when a malicious file is uploaded and executed. Exploitation requires user interaction....

7.8CVSS7.8AI score0.00259EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.56 views

CVE-2025-43593

Summary (CVE-2025-43593) : InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Multiple connected ...

7.8CVSS7.8AI score0.00228EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.55 views

CVE-2025-30321

CVE-2025-30321 refers to a NULL Pointer Dereference in Adobe InDesign Desktop (ID20.2, ID19.5.3 and earlier) that can lead to application denial-of-service. The issue requires user interaction: a victim must open a malicious file. Connected advisories confirm multiple in-effect vulnerabilities an...

5.5CVSS5.2AI score0.00213EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.54 views

CVE-2024-49510

CVE-2024-49510 is an out-of-bounds read vulnerability in Adobe InDesign Desktop versions ID18.5.3, ID19.5 and earlier, capable of memory disclosure and potential ASLR bypass. Exploitation requires the victim to open a malicious file, with local attack vector. Connected sources corroborate the con...

5.5CVSS5.1AI score0.00283EPSS
CVE
CVE
added 2024/11/12 8:45 p.m.54 views

CVE-2024-49512

CVE-2024-49512 affects Adobe InDesign Desktop (ID18.5.3, ID19.5 and earlier). It is an out-of-bounds read that could disclose memory and bypass ASLR; exploitation requires a user to open a malicious file. Connected sources confirm affected versions and impact; remediation is Adobe APSB24-88 secur...

5.5CVSS5.3AI score0.00283EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.53 views

CVE-2025-30317

InDesign Desktop (ID20.2, ID19.5.3 and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Several connected sources corroborate...

7.8CVSS7.8AI score0.00286EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.53 views

CVE-2025-43589

Summary: CVE-2025-43589 affects Adobe InDesign Desktop, specifically versions ID20.2, ID19.5.3 and earlier. The issue is a Use-After-Free vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a mali...

7.8CVSS7.8AI score0.00272EPSS
Total number of security vulnerabilities106