Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction to open a weaponized document, which then triggers memory disclosure leading to code execution in user context. No public exploit identified at time of analysis. EPSS data not available, but the local-only attack vector and mandatory user interaction substantially reduce real-world risk compared to remotely exploitable flaws.
Technical ContextAI
This vulnerability stems from CWE-125 (Out-of-bounds Read) in Adobe InCopy's file parsing engine. When processing specially crafted InCopy documents, the application reads beyond allocated memory boundaries, exposing potentially sensitive data from adjacent memory regions. The affected products are Adobe InCopy versions through 20.5.2 in the 2025 release line and through 21.2 in the 2026 release line (CPE: cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:*). Out-of-bounds reads typically occur when input validation fails to verify buffer sizes before read operations, allowing attackers to leak memory contents including pointers, credentials, or other data useful for bypassing ASLR and crafting secondary exploits. While classified as an information disclosure issue, the vendor confirms this can be chained to achieve arbitrary code execution, suggesting the memory leak enables construction of ROP chains or similar exploit primitives.
RemediationAI
Apply Adobe security updates per bulletin APSB26-33 immediately. While the vendor advisory does not specify exact patched version numbers in the provided reference data, Adobe typically releases fixes concurrent with security bulletins. Organizations should upgrade to the latest available InCopy version through Adobe Creative Cloud or download security patches from https://helpx.adobe.com/security/products/incopy/apsb26-33.html. Until patching is complete, implement defensive measures: restrict InCopy file sources to trusted publishers only, enable Adobe's Protected View or sandboxing features if available, and educate users to avoid opening unsolicited InCopy documents from email attachments or untrusted websites. Consider application whitelisting or endpoint detection rules to monitor InCopy process behavior for anomalous memory access patterns.
Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. Rate
InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that co
Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code ex
CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privi
InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in
InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could res
InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that co
Arbitrary code execution in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when use
Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute mali
Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafte
Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when
Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22706
GHSA-9fhw-q4vh-f5xw