EUVD-2026-22440Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows local attackers to cause application denial-of-service by crafting malicious files that trigger memory corruption when opened. This vulnerability requires user interaction to exploit and does not enable code execution or data compromise, making it primarily a disruption vector rather than a critical attack surface despite its moderate CVSS score of 5.5.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Risk Assessment | The CVSS vector (AV:L/AC:L/PR:N/S:U/C:N/I:N/A:H) indicates a local attack vector with low complexity and high availability impact but no confidentiality or integrity consequences. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious InDesign document (.indd file) containing specially formatted data designed to overflow a heap buffer during file parsing, then distributes it via email or file-sharing platforms targeting InDesign users. When a victim opens the document, the application immediately crashes or becomes unresponsive as the heap corruption is triggered, resulting in lost work and denial-of-service. … |
| Remediation | Update Adobe InDesign Desktop to version 21.3 or later, which addresses this heap buffer overflow vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-i
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously craft
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition trigge
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE
Share
External POC / Exploit Code
Leaving vuln.today