Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.
Technical ContextAI
This vulnerability manifests as an out-of-bounds write condition (CWE-787) in Adobe InCopy's file parsing routines. Out-of-bounds write vulnerabilities occur when software writes data beyond the boundaries of allocated memory buffers, enabling attackers to corrupt adjacent memory regions. In InCopy's case, malformed document structures can trigger this condition during file processing, allowing controlled memory overwrites. The affected product is Adobe InCopy, a professional writing and editing application typically used in publishing workflows alongside Adobe InDesign. The vulnerability affects versions through 20.5.2 in the 20.x branch and through 21.2 in the 21.x branch, indicating the flaw exists across multiple major releases of the document processing engine.
RemediationAI
Users should immediately upgrade to the patched Adobe InCopy versions specified in Adobe Security Bulletin APSB26-33. Adobe's security advisory at https://helpx.adobe.com/security/products/incopy/apsb26-33.html contains the exact fixed versions and download instructions for each affected release branch. Until patching is completed, organizations should implement defense-in-depth controls including restricting InCopy users from opening documents from untrusted sources, deploying email attachment filtering to block suspicious InCopy file formats, and enforcing application whitelisting to prevent unauthorized code execution. Security awareness training should emphasize the risks of opening unsolicited documents in creative applications.
Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. Rate
InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that co
Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code ex
CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privi
InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in
InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could res
InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that co
Arbitrary code execution in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when use
Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious fi
Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafte
Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when
Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22720
GHSA-jx8w-6mv7-8qj4