Indesign@* Security Vulnerabilities and Issues — Page 3 of Indesign@* CVE List

7.8CVSS7.8AI score0.00043EPSS

CVE-2024-39389

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.9AI score0.00043EPSS

CVE-2024-39391

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

5.5CVSS5.3AI score0.00036EPSS

CVE-2024-39395

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue ...

5.5CVSS5.3AI score0.00036EPSS

CVE-2024-41866

CVE•added 2024/11/12 9:15 p.m.•43 views

CVE-2024-49507

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.8AI score0.00035EPSS

CVE•added 2024/11/12 9:15 p.m.•43 views

CVE-2024-49512

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2024/12/10 9:15 p.m.•43 views

CVE-2024-49544

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.4AI score0.00034EPSS

CVE•added 2020/09/10 7:15 p.m.•41 views

CVE-2020-9729

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

7.8CVSS7.8AI score0.0378EPSS

CVE•added 2024/12/10 9:15 p.m.•41 views

CVE-2024-49549

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

CVE•added 2024/02/29 1:41 a.m.•40 views

CVE-2023-44342

Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user i...

5.5CVSS4.9AI score0.00028EPSS

CVE•added 2024/12/10 9:15 p.m.•40 views

CVE-2024-49546

CVE•added 2024/12/10 9:15 p.m.•40 views

CVE-2024-53952

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of thi...

5.5CVSS6.4AI score0.0005EPSS

CVE•added 2020/09/10 7:15 p.m.•39 views

CVE-2020-9730

7.8CVSS7.8AI score0.0378EPSS

CVE•added 2023/07/12 4:15 p.m.•39 views

CVE-2023-29308

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious ...

7.8CVSS7.8AI score0.00123EPSS

CVE•added 2024/11/12 9:15 p.m.•39 views

CVE-2024-49510

5.5CVSS5.1AI score0.00035EPSS

CVE•added 2024/12/10 9:15 p.m.•39 views

CVE-2024-49547

CVE•added 2024/12/10 9:15 p.m.•39 views

CVE-2024-53951

5.5CVSS6.1AI score0.00034EPSS

CVE•added 2024/12/10 9:15 p.m.•38 views

CVE-2024-49548

CVE•added 2023/07/12 4:15 p.m.•37 views

CVE-2023-29311

CVE•added 2023/07/12 4:15 p.m.•36 views

CVE-2023-29313

CVE•added 2023/12/13 10:15 a.m.•36 views

CVE-2023-47076

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requ...

5.5CVSS5.1AI score0.00075EPSS

CVE•added 2024/10/09 3:15 p.m.•36 views

CVE-2024-45137

InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary cod...

7.8CVSS7.8AI score0.00041EPSS

CVE•added 2025/06/10 5:23 p.m.•36 views

CVE-2025-43558

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.8AI score0.00037EPSS

CVE•added 2023/07/12 4:15 p.m.•34 views

CVE-2023-29310

5.5CVSS5.9AI score0.00029EPSS

CVE•added 2023/07/12 4:15 p.m.•34 views

CVE-2023-29319

5.5CVSS5.2AI score0.00038EPSS

CVE•added 2025/06/10 5:23 p.m.•34 views

CVE-2025-43589

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.8AI score0.00039EPSS

CVE•added 2025/06/10 5:23 p.m.•34 views

CVE-2025-43593

7.8CVSS7.8AI score0.00037EPSS

CVE•added 2023/07/12 4:15 p.m.•33 views

CVE-2023-29309

CVE•added 2023/07/12 4:15 p.m.•33 views

CVE-2023-29318

5.5CVSS5.9AI score0.00029EPSS

CVE•added 2023/07/12 4:15 p.m.•32 views

CVE-2023-29317

CVE•added 2024/08/02 7:16 a.m.•32 views

CVE-2024-39396

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

5.5CVSS5.3AI score0.0006EPSS

CVE•added 2025/05/13 5:15 p.m.•32 views

CVE-2025-30319

InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requir...

5.5CVSS6.6AI score0.00024EPSS

7.8CVSS7.8AI score0.00037EPSS

CVE-2025-43590

5.5CVSS5.1AI score0.00026EPSS

CVE-2025-47104

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha...

5.5CVSS5.1AI score0.00026EPSS

CVE-2025-47105