106 matches found
CVE-2025-47104
InDesign Desktop, affected versions ID20.2, ID19.5.3 and earlier, suffer an out-of-bounds read that can disclose memory and bypass mitigations like ASLR. Exploitation requires user interaction (victim opens a malicious file). Adobe has issued a security update (APSB25-53) addressing these vulnera...
CVE-2025-47106
Affected product: Adobe InDesign Desktop (ID20.2, ID19.5.3 and earlier). The CVE-2025-47106 issue is a Use After Free vulnerability that could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Public details across connected sources confirm m...
CVE-2025-47105
Adobe InDesign Desktop (Windows) is affected by an out-of-bounds read in ID20.2, ID19.5.3 and earlier, potentially leaking memory and bypassing ASLR. Exploitation requires a user to open a malicious file. Connected advisories confirm fixes in APSB25-53; users should upgrade to released patches (e...
CVE-2024-39396
CVE-2024-39396 affects Adobe InDesign Desktop for ID18.5.2, ID19.3 and earlier, due to an out-of-bounds read in the PCX parsing path that can disclose memory. Exploitation requires user interaction (victim opens a malicious file). Mitigation details across connected sources indicate a patch path ...
CVE-2024-39392
Adobe InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Affects InDesign on Windows/macOS per sources....
CVE-2025-30319
The CVE-2025-30319 issue affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier, as listed in multiple feeds. The vulnerability is a NULL Pointer Dereference that can cause an application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file....
CVE-2025-30320
CVE-2025-30320 affects Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier. The vulnerability is a NULL pointer dereference that could crash the application and cause a denial of service. Exploitation requires the user to open a malicious file, i.e., user interaction is needed. Remediati...
CVE-2025-43594
CVE-2025-43594 affects Adobe InDesign Desktop up to version 19.5.3 (and earlier). The vulnerability is an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSSv3.1 bas...
CVE-2025-30318
Adobe InDesign Desktop (IDs ID19.5.2, ID20.2 and older) is affected by an out-of-bounds write vulnerability (CWE-787) in a core component that could allow arbitrary code execution in the user’s context. Exploitation requires user interaction (the victim must open a malicious file). Multiple conne...
CVE-2026-34699
Affected software: InDesign Desktop versions 21.3, 20.5.3 and earlier. Vulnerability type: Heap-based Buffer Overflow (CWE-122) that could enable arbitrary code execution in the context of the current user. Impact: High (arbitrary code execution). Exploit requirement: User interaction—victim must...
CVE-2026-34701
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The CVSSv3.1 base score is 7.8 ( HIGH ) with...
CVE-2025-54207
CVE-2025-54207 affects Adobe InDesign Desktop, specifically versions 20.4 and 19.5.4 and earlier. It describes an uninitialized pointer vulnerability that can lead to arbitrary code execution in the context of the current user, with exploitation requiring a user to open a malicious file. Connecte...
CVE-2025-54206
CVE-2025-54206 affects Adobe InDesign Desktop. Versions 20.4 and earlier, and 19.5.4 and earlier are vulnerable to an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). C...
CVE-2025-54213
Adobe InDesign Desktop is affected by CVE-2025-54213: an out-of-bounds write vulnerability in InDesign Desktop versions 20.4 and 19.5.4 and earlier could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue...
CVE-2025-54211
CVE-2025-54211 affects Adobe InDesign Desktop (versions 20.4, 19.5.4 and earlier). It describes a heap-based buffer overflow that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). The CVSS data in...
CVE-2026-34695
Summary: InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user . Exploitation requires the user to open a malicious file , i.e., a user interaction prerequisite. The available s...
CVE-2026-34698
CVE-2026-34698 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a heap-based buffer overflow in a component used by InDesign, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a maliciou...
CVE-2026-21276
CVE-2026-21276 (InDesign Desktop). Affected: InDesign Desktop versions 21.0, 19.5.5 and earlier. Issue: Access of Uninitialized Pointer leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. Mitigation...
CVE-2026-34703
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL pointer dereference that can crash the application and cause a denial-of-service condition. Exploitation requires user interaction: the victim must open a malicious file. The available documents do not provide a remediation...
CVE-2025-43592
Adobe InDesign Desktop is affected by an Access of Uninitialized Pointer vulnerability in versions 19.5.3 and earlier, enabling arbitrary code execution in the user context when a malicious file is opened. Exploitation requires user interaction. The available connected sources indicate the affect...
CVE-2025-54208
Adobe InDesign Desktop is affected by CVE-2025-54208: out-of-bounds write leading to arbitrary code execution in the current user context. Affected versions include 20.4 and 19.5.4 and earlier. Exploitation requires user interaction (victim must open a malicious file); attack vector is local and ...
CVE-2025-54227
CVE-2025-54227 affects Adobe InDesign Desktop. InDesign Desktop versions 20.4 and earlier (including 19.5.4) are affected by an out-of-bounds read that can disclose memory. Exploitation requires user interaction (open a malicious file). The issue is addressed by Adobe APSB25-79 security update; u...
CVE-2025-54228
CVE-2025-54228 affects Adobe InDesign Desktop versions 20.4, 19.5.4 and earlier. The issue is an out-of-bounds read vulnerability that could disclose sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. Remediation is available: Adobe’s APSB25-79 security...
CVE-2025-54212
Adobe InDesign Desktop CVE-2025-54212 is a heap-based buffer overflow affecting InDesign Desktop up to version 20.4 and 19.5.4 and earlier, enabling arbitrary code execution in the current user context when a user opens a crafted file. Exploitation requires user interaction. Adobe/APSB25-79 notes...
CVE-2025-54224
Adobe InDesign Desktop is affected by CVE-2025-54224 (Use After Free) in versions 20.4, 19.5.4 and earlier, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires a user to open a specially crafted file (user interaction). Root cause is a Use After...
CVE-2025-54225
CVE-2025-54225 concerns Adobe InDesign Desktop (versions 20.4, 19.5.4 and earlier) with a Use-After-Free vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). Publicly disclosed sourc...
CVE-2026-34697
CVE-2026-34697 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is a stack-based buffer overflow in a component used by InDesign that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file...
CVE-2025-47103
Summary: CVE-2025-47103 is a heap-based buffer overflow in Adobe InDesign Desktop versions 19.5.3 and earlier, allowing arbitrary code execution in the context of the current user when a user opens a malicious file. Impact details: requires user interaction; vulnerable component is InDesign Deskt...
CVE-2025-54209
Adobe InDesign Desktop is affected by a Heap-based Buffer Overflow (CVE-2025-54209) that could allow arbitrary code execution in the context of the current user. Affected versions: 20.4, 19.5.4 and earlier. Exploitation requires user interaction (opening a malicious file). Documented impact: arbi...
CVE-2025-54214
Adobe InDesign Desktop is affected by an out-of-bounds read (CVE-2025-54214) in versions 20.4, 19.5.4 and earlier, which could disclose memory contents. Exploitation requires user interaction (open a malicious file). Connected sources confirm the issue and note that updates address the vulnerabil...
CVE-2025-54210
Product: Adobe InDesign Desktop. Vulnerability: Out-of-bounds write (CWE-787) leading to arbitrary code execution in the context of the current user. Root cause / condition: Triggered when a user opens a specially crafted file. Affected versions: InDesign Desktop 20.4 and earlier; 19.5.4 and earl...
CVE-2025-43591
Summary. InDesign Desktop 19.5.3 and earlier are affected by a heap-based buffer overflow in the way files are processed, potentially allowing arbitrary code execution in the user’s context. Affected entries across sources consistently note exploitation requires the user to open a malicious file ...
CVE-2025-47134
Adobe InDesign Desktop (versions 19.5.3 and earlier) is affected by a heap-based buffer overflow in the handling of crafted files, which could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The CVE is CVE-2025-...
CVE-2026-21357
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow that could allow arbitrary code execution in the current user context. Exploitation requires user interaction, specifically the victim opening a malicious file. CVSSv3.1 base score 7.8 (HIGH) with Loca...
CVE-2026-34627
CVE-2026-34627 affects InDesign Desktop versions 20.5.2, 21.2 and earlier. It is a heap-based buffer overflow that could lead to arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim opens a malicious file). CVSS v3.1: 7.8 ( HIGH ) with LOCAL attac...
CVE-2026-48293
InDesign Desktop vulnerable versions are 21.3, 20.5.3 and earlier to an out-of-bounds write that can enable arbitrary code execution in the current user context. The issue requires user interaction: a victim must open a malicious file. Documented impact is high (CVE-2026-48293) with local attack ...
CVE-2025-47136
CVE-2025-47136 affects Adobe InDesign Desktop (versions 19.5.3 and earlier). The issue is an Integer Underflow (Wrap or Wraparound) in InDesign Desktop, enabling arbitrary code execution in the context of the current user when a user opens a malicious file. CVSSv3.1 metrics from the entry imply l...
CVE-2025-54226
Summary: InDesign Desktop versions 20.4 and earlier (including 19.5.4 and earlier) are affected by a Use After Free vulnerability (CWE-416) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue is...
CVE-2026-34696
The vulnerability CVE-2026-34696 affects Adobe InDesign Desktop, including version 21.3 and 20.5.3 and earlier. The issue is a Use After Free weakness in the product’s handling of certain resources, leading to arbitrary code execution in the context of the current user. Exploitation requires user...
CVE-2026-34704
CVE-2026-34704 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a NULL Pointer Dereference that can crash the application and cause a denial-of-service. Exploitation requires user interaction (victim must open a malicious file). No remediation details are provided in the s...
CVE-2026-34702
CVE-2026-34702 affects Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier. The issue is a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user . Exploitation requires user interaction, with the attacker delivering a malicious file that the...
CVE-2026-34705
CVE-2026-34705 affects InDesign Desktop versions 21.3, 20.5.3 and earlier. It is an out-of-bounds read (CWE-125) vulnerability that could disclose sensitive memory. According to the documents, exploitation requires user interaction: a victim must open a malicious file. The CVSS metrics indicate a...
CVE-2026-21275
CVE-2026-21275 affects Adobe InDesign Desktop, versions 21.0, 19.5.5 and earlier. The issue is an Access of Uninitialized Pointer that could allow arbitrary code execution in the context of the current user when a malicious file is opened, requiring user interaction. Red Hat, NVD, and other sourc...
CVE-2026-21304
CVE-2026-21304 concerns Adobe InDesign Desktop versions 21.0, 19.5.5 and earlier, affected by a heap-based buffer overflow that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The vulnerability...
CVE-2026-34700
CVE-2026-34700 affects Adobe InDesign Desktop (versions 21.3, 20.5.3 and earlier). The issue is an out-of-bounds write in the application, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file...
CVE-2026-21278
CVE-2026-21278 affects Adobe InDesign Desktop: versions 21.0, 19.5.5 and earlier are vulnerable to an Out-of-bounds Read that can expose memory contents. Exploitation requires user interaction (victim must open a malicious file). Red Hat and other sources corroborate the same description. The iss...
CVE-2026-21332
CVE-2026-21332 affects Adobe InDesign Desktop for Windows/macOS (versions 21.1, 20.5.1 and earlier). It is an out-of-bounds read vulnerability that can lead to memory exposure. The issue could disclose sensitive information stored in memory and requires user interaction: a victim must open a mali...
CVE-2026-21277
Summary: CVE-2026-21277 affects Adobe InDesign Desktop (versions 21.0, 19.5.5 and earlier). A heap-based buffer overflow could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a specially crafted file. Multiple sources...
CVE-2026-34629
CVE-2026-34629 affects Adobe InDesign Desktop up to version 21.2 (and 20.5.2 and earlier). It describes a heap-based buffer overflow in the application that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a mali...
CVE-2026-27238
CVE-2026-27238 affects Adobe InDesign Desktop, specifically versions 20.5.2, 21.2 and earlier. It is a Heap-based Buffer Overflow (CWE-122) that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. Th...