Skip to main content

Incopy

58 CVEs product

Monthly

CVE-2026-34707 HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Heap Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34706 HIGH This Week

Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34708 HIGH This Week

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.

Stack Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34631 HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption Incopy
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27287 HIGH This Week

Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction to open a weaponized document, which then triggers memory disclosure leading to code execution in user context. No public exploit identified at time of analysis. EPSS data not available, but the local-only attack vector and mandatory user interaction substantially reduce real-world risk compared to remotely exploitable flaws.

Buffer Overflow Information Disclosure Incopy
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21281 HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when users open malicious files. An attacker can execute commands with the privileges of the targeted user by crafting a specially designed document. No patch is currently available, requiring users to avoid opening untrusted InCopy files.

Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-61818 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61817 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-61816 HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54223 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54221 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54220 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54219 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54218 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54217 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54216 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54215 HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47099 HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap Overflow RCE Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47098 HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47097 HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-47107 HIGH This Week

Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30327 HIGH This Week

CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.

RCE Integer Overflow Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21156 HIGH This Week

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45136 HIGH This Week

InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41858 HIGH This Week

InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26368 HIGH This Week

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22235 HIGH This Week

InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Incopy
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21599 MEDIUM This Month

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Incopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21598 MEDIUM This Month

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service Memory Corruption Incopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21597 HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21596 HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21595 HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21594 HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38407 MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38406 MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38405 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38404 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38403 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38402 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38401 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-34252 MEDIUM This Month

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Incopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34251 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34250 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-34249 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-30657 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Incopy
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2022-30656 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-30655 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Incopy
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2022-30654 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2022-30653 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30652 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30651 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Incopy
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-30650 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2021-43016 MEDIUM PATCH This Month

Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe Incopy
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2021-43015 HIGH This Week

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-39819 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-39818 HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-21090 HIGH This Week

Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe Incopy
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-21010 HIGH This Week

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft RCE Incopy
NVD
CVSS 3.1
7.0
EPSS
2.5%
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 20.5.2, 21.2 and earlier allows unauthenticated local attackers to execute malicious code with the victim's privileges through a specially crafted file. The vulnerability stems from an out-of-bounds write (CWE-787) triggering memory corruption. Exploitation requires the victim to open a malicious document, making this a viable social engineering vector. No public exploit identified at time of analysis, though the vulnerability's local attack vector and user interaction requirement moderately constrain immediate risk.

Buffer Overflow RCE Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds read in Adobe InCopy 20.5.2, 21.2 and earlier allows arbitrary code execution when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction to open a weaponized document, which then triggers memory disclosure leading to code execution in user context. No public exploit identified at time of analysis. EPSS data not available, but the local-only attack vector and mandatory user interaction substantially reduce real-world risk compared to remotely exploitable flaws.

Buffer Overflow Information Disclosure Incopy
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.0, 19.5.5 and earlier through a heap-based buffer overflow when users open malicious files. An attacker can execute commands with the privileges of the targeted user by crafting a specially designed document. No patch is currently available, requiring users to avoid opening untrusted InCopy files.

Buffer Overflow Heap Overflow Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Memory Corruption Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

RCE Integer Overflow Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow vulnerability in Adobe InCopy versions 20.2, 19.5.3 and earlier that allows arbitrary code execution with the privileges of the current user. The vulnerability requires user interaction (opening a malicious file) and presents a high-severity risk due to its direct code execution capability; exploitation likelihood and real-world attack status cannot be fully assessed without KEV confirmation or public POC availability.

Buffer Overflow RCE Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-30327 is an integer overflow vulnerability in Adobe InCopy that enables arbitrary code execution with the privileges of the current user. Versions 20.2, 19.5.3 and earlier are affected; exploitation requires a user to open a malicious file, making it a file-based attack vector with moderate attack complexity. The vulnerability has a CVSS score of 7.8 (high severity) with complete impact on confidentiality, integrity, and availability, though real-world exploitation depends on user interaction and file delivery success.

RCE Integer Overflow Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Incopy
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +2
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure +1
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Adobe +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Adobe +1
NVD
EPSS 5% CVSS 8.8
HIGH This Week

Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe +1
NVD
EPSS 2% CVSS 7.0
HIGH This Week

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft RCE Incopy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy