CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI)
Out-of-bounds read in Adobe InDesign Desktop versions 20.5.2, 21.2, and earlier enables arbitrary code execution when users open malicious files. Attack requires local access and user interaction (CVSS AV:L/UI:R) but no authentication (PR:N), allowing attackers with file delivery capability to execute code as the victim user. …
Remediation (AI)
Within 24 hours: inventory all InDesign Desktop installations and document affected versions (20.5.2, 21.2, and earlier); disable InDesign's automatic file opening features and restrict file access from untrusted sources. Within 7 days: implement application whitelisting for InDesign executables; block suspicious .indd and related document types at email gateways; brief users on opening files only from verified sources. …
EUVD-2026-22438
GHSA-fvjj-hmp9-fr4c