Severity by source

CVSS vector (NVD): CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
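The assessment below cites a base score of 5.5 (Medium) for this vector. As an added worked check, not code from this page or from NVD's calculator, the following C program reproduces that score from the CVSS v3.1 base equations. It assumes the standard v3.1 metric weights; the struct layout, function names and the second (critical) test vector are the example's own.

```c
/*
 * Added worked check, not from the page or from NVD tooling: reproduces the
 * CVSS v3.1 base score for CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N from
 * the published base equations. Metric weights are those of the v3.1 spec;
 * the struct and function names are this example's own.
 */
#include <stdio.h>

struct cvss31 {
    double av, ac, pr, ui;   /* exploitability weights */
    double c, i, a;          /* impact weights */
    int scope_changed;       /* S:C = 1, S:U = 0 */
};

/* Spec Roundup: smallest one-decimal value >= x, done with integers so that
 * floating-point noise such as 4.0000001 still yields 4.0. x is never
 * negative here, so rounding to nearest integer is enough. */
static double cvss_roundup(double x)
{
    long v = (long)(x * 100000.0 + 0.5);
    if (v % 10000 == 0)
        return v / 100000.0;
    return ((v / 10000) + 1) / 10.0;     /* integer division floors */
}

static double pow15(double b)            /* b^15 without libm */
{
    double r = 1.0;
    for (int k = 0; k < 15; k++)
        r *= b;
    return r;
}

double cvss31_base(const struct cvss31 *m)
{
    double iss = 1.0 - (1.0 - m->c) * (1.0 - m->i) * (1.0 - m->a);
    double impact = m->scope_changed
        ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02)
        : 6.42 * iss;
    double exploitability = 8.22 * m->av * m->ac * m->pr * m->ui;
    if (impact <= 0.0)
        return 0.0;
    double sum = impact + exploitability;
    if (m->scope_changed)
        sum *= 1.08;
    return cvss_roundup(sum < 10.0 ? sum : 10.0);
}

/* The vector for this CVE. PR:N weighs 0.85 regardless of scope; only PR:L
 * and PR:H change weight when S:C. */
double score_this_cve(void)
{
    struct cvss31 m = { .av = 0.55, .ac = 0.77, .pr = 0.85, .ui = 0.62,
                        .c = 0.56, .i = 0.0, .a = 0.0, .scope_changed = 0 };
    return cvss31_base(&m);
}

int main(void)
{
    printf("CVSS v3.1 base score: %.1f\n", score_this_cve());   /* 5.5 */
    return 0;
}
```

Impact comes out at 6.42 × 0.56 = 3.5952 and exploitability at 8.22 × 0.55 × 0.77 × 0.85 × 0.62 ≈ 1.8346; their sum, 5.4298, rounds up to 5.5. Changing AV:L to AV:N (0.85) alone would lift the score to 6.5, which is why the local attack vector is the single largest dampener in this rating.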
Description (CVE.org)
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis (AI)
Out-of-bounds read in Adobe InDesign Desktop versions 21.3 and 20.5.3 (and earlier) exposes sensitive process memory when a victim opens a specially crafted document file. The vulnerability carries a high confidentiality impact (CVSS C:H) with no integrity or availability impact, making it a pure information-disclosure primitive: useful on its own to leak in-memory content such as document data, credentials, or heap pointers, or as the memory-disclosure half of an exploit chain (for example, to defeat ASLR) when paired with a code-execution bug in the same parser. …
Vulnerability Assessment (AI)
| Topic | Assessment |
|---|---|
| Exploitation | Exploitation requires that the victim open a malicious InDesign Desktop file (.indd, .idml, or similar supported format) on a system running an affected version (InDesign Desktop 21.3 or 20.5.3 and earlier). … |
| Risk Assessment | The CVSS base score of 5.5 (Medium) reflects a constrained risk profile: AV:L because the vulnerable parser is only reachable through a file processed on the victim's machine, not over the network; AC:L because no special conditions are needed once the file is delivered; PR:N because no prior privileges are required; but UI:R imposes a hard dependency on the victim opening the file. … |
| Exploit Scenario | A plausible path: an attacker crafts a malicious InDesign document embedding a specially structured object or field with an oversized or malformed length value designed to trigger an out-of-bounds read during parsing. The file is delivered to a target designer or publisher via email, file-sharing link, or collaboration platform, contexts where opening InDesign files from external parties is routine. … |
| Remediation | The primary remediation is to upgrade Adobe InDesign Desktop to a fixed version as listed in the vendor advisory APSB26-58 (https://helpx.adobe.com/security/products/indesign/apsb26-58.html). … |
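The exploit scenario above turns on a length field the parser trusts. The following C program is an added illustration, not Adobe's code and not the InDesign file format: a toy length-prefixed chunk parser of the kind document readers contain, shown first trusting the file's declared length (an out-of-bounds read, CWE-125) and then with the bounds check that stops it. The chunk layout, the sample "file" and the "secret" bytes placed after it are all constructed for the example.

```c
/*
 * Added illustration, not Adobe code and not the InDesign file format: a toy
 * length-prefixed chunk parser, first trusting the file's length field
 * (out-of-bounds read, CWE-125) and then with the bounds check that stops it.
 * The chunk layout, SAMPLE_FILE and SECRET are all constructed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chunk: 1-byte tag, 2-byte little-endian payload length, payload. */
#define HDR_LEN 3

/* VULNERABLE: uses the declared length as the copy count without checking it
 * against the bytes that actually remain in the file. Clamping to out_cap
 * protects the destination only; the read past the end of buf still happens. */
static size_t parse_chunk_unsafe(const uint8_t *buf, size_t buf_len,
                                 uint8_t *out, size_t out_cap)
{
    if (buf_len < HDR_LEN)
        return 0;
    size_t len = buf[1] | ((size_t)buf[2] << 8);
    if (len > out_cap)
        len = out_cap;
    memcpy(out, buf + HDR_LEN, len);   /* reads beyond buf when len > buf_len - HDR_LEN */
    return len;
}

/* FIXED: the file-controlled length is validated against the remaining input
 * before it becomes a copy count. The header check comes first so that
 * buf_len - HDR_LEN cannot wrap around. Returns 0 on success, -1 on a
 * malformed chunk, with the payload length in *out_len. */
static int parse_chunk_safe(const uint8_t *buf, size_t buf_len,
                            uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (buf_len < HDR_LEN)
        return -1;                          /* truncated header */
    size_t len = buf[1] | ((size_t)buf[2] << 8);
    if (len > buf_len - HDR_LEN)
        return -1;                          /* declared length exceeds the file */
    if (len > out_cap)
        return -1;                          /* destination too small */
    memcpy(out, buf + HDR_LEN, len);
    *out_len = len;
    return 0;
}

/* Constructed 8-byte "file": tag 0x01, declared length 0x0014 (20), but only
 * the 5 payload bytes "hello" actually follow the header. */
static const uint8_t SAMPLE_FILE[] = { 0x01, 0x14, 0x00, 'h', 'e', 'l', 'l', 'o' };
#define SAMPLE_FILE_LEN (sizeof SAMPLE_FILE)

/* Constructed data that happens to sit after the file in memory; it stands in
 * for whatever neighbours the buffer on the heap (other documents, tokens,
 * pointers). 16 bytes including the terminator. */
static const char SECRET[] = "SESSION=abc123!";

/* Models a heap region: the file bytes immediately followed by SECRET, so the
 * over-read stays inside one array (well-defined C) while still returning
 * bytes the parser was never given. */
static uint8_t arena[SAMPLE_FILE_LEN + sizeof SECRET + 8];

static void setup_arena(void)
{
    memset(arena, 0, sizeof arena);
    memcpy(arena, SAMPLE_FILE, SAMPLE_FILE_LEN);
    memcpy(arena + SAMPLE_FILE_LEN, SECRET, sizeof SECRET);
}

/* Runs the vulnerable parser on the 8-byte file and returns how many bytes it
 * copied into out. Everything after the 5 real payload bytes came from SECRET. */
size_t demo_unsafe(uint8_t *out, size_t out_cap)
{
    setup_arena();
    return parse_chunk_unsafe(arena, SAMPLE_FILE_LEN, out, out_cap);
}

/* Runs the fixed parser on the same file and returns its status (-1: rejected). */
int demo_safe(uint8_t *out, size_t out_cap, size_t *out_len)
{
    setup_arena();
    *out_len = 0;
    return parse_chunk_safe(arena, SAMPLE_FILE_LEN, out, out_cap, out_len);
}

int main(void)
{
    uint8_t out[64];
    size_t n = demo_unsafe(out, sizeof out);
    printf("unsafe parser copied %zu bytes: %.*s\n", n, (int)n, out);   /* 20 bytes, ends in the secret */
    size_t got = 0;
    int rc = demo_safe(out, sizeof out, &got);
    printf("safe parser: rc=%d, payload bytes=%zu\n", rc, got);          /* rc=-1 */
    return 0;
}
```

The unsafe parser hands back 20 bytes of which 15 are the neighbouring "secret"; that is the C:H outcome in miniature, with nothing written and nothing crashed, which is also why such bugs rarely show up as crashes in fuzzing without a sanitizer. The only difference in the fixed version is that the length is compared to the bytes remaining before it is used, with the header-size check ordered first so the subtraction cannot underflow.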
More from same product – last 7 days

- Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-i …
- Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously craft …
- Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition trigge …
- Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow …
- Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE …
External identifiers / references

- EUVD-2026-35776
- GHSA-5765-2635-hxv6