EUVD-2026-35775
GHSA-p34q-cvx5-m2mv
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a victim opens a malicious document file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a maliciously crafted InDesign document on a vulnerable installation of Adobe InDesign Desktop 21.3, 20.5.3 or earlier; per the CVSS vector (AV:L/AC:L/PR:N/UI:R) the attack vector is local file open, no prior authentication to the application is needed, and user interaction (opening the file) is mandatory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields 7.8 (High) and reflects a classic client-side file-parsing flaw: the attacker needs no privileges but must convince the user to open a file, so reach depends on social engineering rather than network-exposed services. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a marketing or design team member an INDD or IDML file masquerading as a vendor template, brand-guide update, or client deliverable; when the recipient double-clicks the file, InDesign's parser overruns a stack buffer and the crafted payload achieves code execution as the logged-in user. The foothold provides full read/write to the user's documents and credentials and can pivot into design pipelines and shared asset stores. … |
| Remediation | Apply the vendor-released patch by upgrading Adobe InDesign Desktop to the fixed releases published in Adobe security bulletin APSB26-58 (https://helpx.adobe.com/security/products/indesign/apsb26-58.html); specifically, move 21.x installs beyond 21.3 and 20.x installs beyond 20.5.3 to the versions listed in that bulletin. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Complete inventory of InDesign installations and user distribution; disable opening of InDesign documents from external sources and implement email gateway filtering for .indd file attachments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-i
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously craft
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition trigge
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a mal
Share
External POC / Exploit Code
Leaving vuln.today