CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI)
Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high impact to confidentiality, integrity, and availability when users open malicious files. The vulnerability requires local access and user interaction (opening a crafted document), with no authentication barriers (CVSS PR:N). …
Remediation (AI)
24 hours: Inventory all Adobe InDesign installations (versions 20.5.2, 21.2, and earlier) across the organization and disable external document handling where operationally feasible; notify design and publishing teams to avoid opening files from untrusted sources.

7 days: Implement strict file-source validation policies requiring all external InDesign documents (.indd, .idml) to be scanned and verified before opening; configure application sandboxing or run InDesign in isolated virtual environments for high-risk document processing. …
EUVD-2026-22651
GHSA-qgg3-vppq-vr2q