Lucene search
+L

106 matches found

CVE
CVE
added 2025/06/10 4:23 p.m.54 views

CVE-2025-47104

InDesign Desktop, affected versions ID20.2, ID19.5.3 and earlier, suffer an out-of-bounds read that can disclose memory and bypass mitigations like ASLR. Exploitation requires user interaction (victim opens a malicious file). Adobe has issued a security update (APSB25-53) addressing these vulnera...

5.5CVSS5.1AI score0.0024EPSS
CVE
CVE
added 2025/06/10 4:22 p.m.54 views

CVE-2025-47106

Affected product: Adobe InDesign Desktop (ID20.2, ID19.5.3 and earlier). The CVE-2025-47106 issue is a Use After Free vulnerability that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Public details across connected sources confirm m...

5.5CVSS5.2AI score0.0025EPSS
CVE
CVE
added 2025/06/10 4:23 p.m.51 views

CVE-2025-47105

Adobe InDesign Desktop (Windows) is affected by an out-of-bounds read in ID20.2, ID19.5.3 and earlier, potentially leaking memory and bypassing ASLR. Exploitation requires a user to open a malicious file. Connected advisories confirm fixes in APSB25-53; users should upgrade to released patches (e...

5.5CVSS5.1AI score0.0024EPSS
CVE
CVE
added 2024/08/02 6:47 a.m.50 views

CVE-2024-39396

CVE-2024-39396 affects Adobe InDesign Desktop for ID18.5.2, ID19.3 and earlier, due to an out-of-bounds read in the PCX parsing path that can disclose memory. Exploitation requires user interaction (victim opens a malicious file). Mitigation details across connected sources indicate a patch path ...

5.5CVSS5.3AI score0.00233EPSS
CVE
CVE
added 2024/08/02 6:47 a.m.49 views

CVE-2024-39392

Adobe InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Affects InDesign on Windows/macOS per sources....

7.8CVSS7.8AI score0.00378EPSS
CVE
CVE
added 2025/05/13 5:9 p.m.47 views

CVE-2025-30319

The CVE-2025-30319 issue affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier, as listed in multiple feeds. The vulnerability is a NULL Pointer Dereference that can cause an application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file....

5.5CVSS6.6AI score0.00207EPSS
CVE
CVE
added 2025/05/13 5:9 p.m.42 views

CVE-2025-30320

CVE-2025-30320 affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier. The vulnerability is a NULL pointer dereference that could crash the application and cause a denial of service. Exploitation requires the user to open a malicious file, i.e., user interaction is needed. Remediati...

5.5CVSS6.6AI score0.00207EPSS
CVE
CVE
added 2025/07/08 9:49 p.m.39 views

CVE-2025-43594

CVE-2025-43594 affects Adobe InDesign Desktop up to version 19.5.3 (and earlier). The vulnerability is an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSSv3.1 bas...

7.8CVSS7.1AI score0.002EPSS
CVE
CVE
added 2025/05/13 5:9 p.m.37 views

CVE-2025-30318

Adobe InDesign Desktop (IDs ID19.5.2, ID20.2 and older) is affected by an out-of-bounds write vulnerability (CWE-787) in a core component that could allow arbitrary code execution in the user’s context. Exploitation requires user interaction (the victim must open a malicious file). Multiple conne...

7.8CVSS7.6AI score0.00228EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.35 views

CVE-2026-34699

Affected software: InDesign Desktop versions 21.3, 20.5.3 and earlier. Vulnerability type: Heap-based Buffer Overflow (CWE-122) that could enable arbitrary code execution in the context of the current user. Impact: High (arbitrary code execution). Exploit requirement: User interaction—victim must...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.34 views

CVE-2026-34701

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The CVSSv3.1 base score is 7.8 ( HIGH ) with...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2025/08/12 8:55 p.m.33 views

CVE-2025-54207

CVE-2025-54207 affects Adobe InDesign Desktop, specifically versions 20.4 and 19.5.4 and earlier. It describes an uninitialized pointer vulnerability that can lead to arbitrary code execution in the context of the current user, with exploitation requiring a user to open a malicious file. Connecte...

7.8CVSS7.5AI score0.00259EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.32 views

CVE-2025-54206

CVE-2025-54206 affects Adobe InDesign Desktop. Versions 20.4 and earlier, and 19.5.4 and earlier are vulnerable to an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). C...

7.8CVSS7.6AI score0.00243EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.32 views

CVE-2025-54213

Adobe InDesign Desktop is affected by CVE-2025-54213: an out-of-bounds write vulnerability in InDesign Desktop versions 20.4 and 19.5.4 and earlier could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue...

7.8CVSS7.6AI score0.00258EPSS
CVE
CVE
added 2025/08/12 8:55 p.m.31 views

CVE-2025-54211

CVE-2025-54211 affects Adobe InDesign Desktop (versions 20.4, 19.5.4 and earlier). It describes a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). The CVSS data in...

7.8CVSS7.6AI score0.00285EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.31 views

CVE-2026-34695

Summary: InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user . Exploitation requires the user to open a malicious file , i.e., a user interaction prerequisite. The available s...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.31 views

CVE-2026-34698

CVE-2026-34698 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a heap-based buffer overflow in a component used by InDesign, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a maliciou...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2026/01/13 6:35 p.m.30 views

CVE-2026-21276

CVE-2026-21276 (InDesign Desktop). Affected: InDesign Desktop versions 21.0, 19.5.5 and earlier. Issue: Access of Uninitialized Pointer leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Mitigation...

7.8CVSS7.3AI score0.00216EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.30 views

CVE-2026-34703

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL pointer dereference that can crash the application and cause a denial-of-service condition. Exploitation requires user interaction: the victim must open a malicious file. The available documents do not provide a remediation...

5.5CVSS5.5AI score0.0013EPSS
CVE
CVE
added 2025/07/08 9:49 p.m.29 views

CVE-2025-43592

Adobe InDesign Desktop is affected by an Access of Uninitialized Pointer vulnerability in versions 19.5.3 and earlier, enabling arbitrary code execution in the user context when a malicious file is opened. Exploitation requires user interaction. The available connected sources indicate the affect...

7.8CVSS7AI score0.00228EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.29 views

CVE-2025-54208

Adobe InDesign Desktop is affected by CVE-2025-54208: out-of-bounds write leading to arbitrary code execution in the current user context. Affected versions include 20.4 and 19.5.4 and earlier. Exploitation requires user interaction (victim must open a malicious file); attack vector is local and ...

7.8CVSS7.6AI score0.00226EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.29 views

CVE-2025-54227

CVE-2025-54227 affects Adobe InDesign Desktop. InDesign Desktop versions 20.4 and earlier (including 19.5.4) are affected by an out-of-bounds read that can disclose memory. Exploitation requires user interaction (open a malicious file). The issue is addressed by Adobe APSB25-79 security update; u...

5.5CVSS6.4AI score0.00269EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.29 views

CVE-2025-54228

CVE-2025-54228 affects Adobe InDesign Desktop versions 20.4, 19.5.4 and earlier. The issue is an out-of-bounds read vulnerability that could disclose sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. Remediation is available: Adobe’s APSB25-79 security...

5.5CVSS6.4AI score0.00269EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.28 views

CVE-2025-54212

Adobe InDesign Desktop CVE-2025-54212 is a heap-based buffer overflow affecting InDesign Desktop up to version 20.4 and 19.5.4 and earlier, enabling arbitrary code execution in the current user context when a user opens a crafted file. Exploitation requires user interaction. Adobe/APSB25-79 notes...

7.8CVSS7.6AI score0.00291EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.28 views

CVE-2025-54224

Adobe InDesign Desktop is affected by CVE-2025-54224 (Use After Free) in versions 20.4, 19.5.4 and earlier, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires a user to open a specially crafted file (user interaction). Root cause is a Use After...

7.8CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.28 views

CVE-2025-54225

CVE-2025-54225 concerns Adobe InDesign Desktop (versions 20.4, 19.5.4 and earlier) with a Use-After-Free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). Publicly disclosed sourc...

7.8CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.28 views

CVE-2026-34697

CVE-2026-34697 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is a stack-based buffer overflow in a component used by InDesign that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2025/07/08 9:48 p.m.27 views

CVE-2025-47103

Summary: CVE-2025-47103 is a heap-based buffer overflow in Adobe InDesign Desktop versions 19.5.3 and earlier, allowing arbitrary code execution in the context of the current user when a user opens a malicious file. Impact details: requires user interaction; vulnerable component is InDesign Deskt...

7.8CVSS7AI score0.00251EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.27 views

CVE-2025-54209

Adobe InDesign Desktop is affected by a Heap-based Buffer Overflow (CVE-2025-54209) that could allow arbitrary code execution in the context of the current user. Affected versions: 20.4, 19.5.4 and earlier. Exploitation requires user interaction (opening a malicious file). Documented impact: arbi...

7.8CVSS7.6AI score0.00318EPSS
CVE
CVE
added 2025/08/12 8:55 p.m.27 views

CVE-2025-54214

Adobe InDesign Desktop is affected by an out-of-bounds read (CVE-2025-54214) in versions 20.4, 19.5.4 and earlier, which could disclose memory contents. Exploitation requires user interaction (open a malicious file). Connected sources confirm the issue and note that updates address the vulnerabil...

5.5CVSS6.4AI score0.00269EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.25 views

CVE-2025-54210

Product: Adobe InDesign Desktop. Vulnerability: Out-of-bounds write (CWE-787) leading to arbitrary code execution in the context of the current user. Root cause / condition: Triggered when a user opens a specially crafted file. Affected versions: InDesign Desktop 20.4 and earlier; 19.5.4 and earl...

7.8CVSS7.6AI score0.00258EPSS
CVE
CVE
added 2025/07/08 9:49 p.m.24 views

CVE-2025-43591

Summary. InDesign Desktop 19.5.3 and earlier are affected by a heap-based buffer overflow in the way files are processed, potentially allowing arbitrary code execution in the user’s context. Affected entries across sources consistently note exploitation requires the user to open a malicious file ...

7.8CVSS7AI score0.00251EPSS
CVE
CVE
added 2025/07/08 9:49 p.m.24 views

CVE-2025-47134

Adobe InDesign Desktop (versions 19.5.3 and earlier) is affected by a heap-based buffer overflow in the handling of crafted files, which could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The CVE is CVE-2025-...

7.8CVSS7AI score0.00251EPSS
CVE
CVE
added 2026/02/10 5:59 p.m.24 views

CVE-2026-21357

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow that could allow arbitrary code execution in the current user context. Exploitation requires user interaction, specifically the victim opening a malicious file. CVSSv3.1 base score 7.8 (HIGH) with Loca...

7.8CVSS6.3AI score0.00226EPSS
CVE
CVE
added 2026/04/14 5:5 p.m.24 views

CVE-2026-34627

CVE-2026-34627 affects InDesign Desktop versions 20.5.2, 21.2 and earlier. It is a heap-based buffer overflow that could lead to arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim opens a malicious file). CVSS v3.1: 7.8 ( HIGH ) with LOCAL attac...

7.8CVSS6.3AI score0.00178EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.24 views

CVE-2026-48293

InDesign Desktop vulnerable versions are 21.3, 20.5.3 and earlier to an out-of-bounds write that can enable arbitrary code execution in the current user context. The issue requires user interaction: a victim must open a malicious file. Documented impact is high (CVE-2026-48293) with local attack ...

7.8CVSS6.2AI score0.00139EPSS
CVE
CVE
added 2025/07/08 9:49 p.m.23 views

CVE-2025-47136

CVE-2025-47136 affects Adobe InDesign Desktop (versions 19.5.3 and earlier). The issue is an Integer Underflow (Wrap or Wraparound) in InDesign Desktop, enabling arbitrary code execution in the context of the current user when a user opens a malicious file. CVSSv3.1 metrics from the entry imply l...

7.8CVSS7AI score0.00228EPSS
CVE
CVE
added 2025/08/12 8:54 p.m.23 views

CVE-2025-54226

Summary: InDesign Desktop versions 20.4 and earlier (including 19.5.4 and earlier) are affected by a Use After Free vulnerability (CWE-416) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue is...

7.8CVSS7.6AI score0.00308EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.23 views

CVE-2026-34696

The vulnerability CVE-2026-34696 affects Adobe InDesign Desktop, including version 21.3 and 20.5.3 and earlier. The issue is a Use After Free weakness in the product’s handling of certain resources, leading to arbitrary code execution in the context of the current user. Exploitation requires user...

7.8CVSS6.2AI score0.00166EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.23 views

CVE-2026-34704

CVE-2026-34704 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a NULL Pointer Dereference that can crash the application and cause a denial-of-service. Exploitation requires user interaction (victim must open a malicious file). No remediation details are provided in the s...

5.5CVSS5.5AI score0.0013EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.22 views

CVE-2026-34702

CVE-2026-34702 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user . Exploitation requires user interaction, with the attacker delivering a malicious file that the...

7.8CVSS6.2AI score0.00175EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.22 views

CVE-2026-34705

CVE-2026-34705 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is an out-of-bounds read (CWE-125) vulnerability that could disclose sensitive memory. According to the documents, exploitation requires user interaction: a victim must open a malicious file. The CVSS metrics indicate a...

5.5CVSS5.4AI score0.00155EPSS
CVE
CVE
added 2026/01/13 6:35 p.m.21 views

CVE-2026-21275

CVE-2026-21275 affects Adobe InDesign Desktop, versions 21.0, 19.5.5 and earlier. The issue is an Access of Uninitialized Pointer that could allow arbitrary code execution in the context of the current user when a malicious file is opened, requiring user interaction. Red Hat, NVD, and other sourc...

7.8CVSS7.3AI score0.00216EPSS
CVE
CVE
added 2026/01/13 6:35 p.m.21 views

CVE-2026-21304

CVE-2026-21304 concerns Adobe InDesign Desktop versions 21.0, 19.5.5 and earlier, affected by a heap-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The vulnerability...

7.8CVSS7.4AI score0.00238EPSS
CVE
CVE
added 2026/06/09 5:43 p.m.21 views

CVE-2026-34700

CVE-2026-34700 affects Adobe InDesign Desktop (versions 21.3, 20.5.3 and earlier). The issue is an out-of-bounds write in the application, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...

7.8CVSS6.2AI score0.00139EPSS
CVE
CVE
added 2026/01/13 6:35 p.m.20 views

CVE-2026-21278

CVE-2026-21278 affects Adobe InDesign Desktop: versions 21.0, 19.5.5 and earlier are vulnerable to an Out-of-bounds Read that can expose memory contents. Exploitation requires user interaction (victim must open a malicious file). Red Hat and other sources corroborate the same description. The iss...

5.5CVSS5.8AI score0.0019EPSS
CVE
CVE
added 2026/02/10 5:59 p.m.20 views

CVE-2026-21332

CVE-2026-21332 affects Adobe InDesign Desktop for Windows/macOS (versions 21.1, 20.5.1 and earlier). It is an out-of-bounds read vulnerability that can lead to memory exposure. The issue could disclose sensitive information stored in memory and requires user interaction: a victim must open a mali...

5.5CVSS5.4AI score0.00153EPSS
CVE
CVE
added 2026/01/13 6:35 p.m.19 views

CVE-2026-21277

Summary: CVE-2026-21277 affects Adobe InDesign Desktop (versions 21.0, 19.5.5 and earlier). A heap-based buffer overflow could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a specially crafted file. Multiple sources...

7.8CVSS7.4AI score0.00238EPSS
CVE
CVE
added 2026/04/14 5:5 p.m.18 views

CVE-2026-34629

CVE-2026-34629 affects Adobe InDesign Desktop up to version 21.2 (and 20.5.2 and earlier). It describes a heap-based buffer overflow in the application that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a mali...

7.8CVSS6.3AI score0.00178EPSS
CVE
CVE
added 2026/04/14 4:45 p.m.17 views

CVE-2026-27238

CVE-2026-27238 affects Adobe InDesign Desktop, specifically versions 20.5.2, 21.2 and earlier. It is a Heap-based Buffer Overflow (CWE-122) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Th...

7.8CVSS6.3AI score0.00178EPSS
Total number of security vulnerabilities106