Adobe InDesign CC 2023 Memory Corruption Vulnerability III.
CVE-2023-44343

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 29 February 2024

Summary

Adobe InDesign versions ID18.5 and earlier, as well as ID17.4.2 and earlier, are susceptible to an out-of-bounds read vulnerability. This flaw permits an attacker to potentially disclose sensitive memory, undermining common security mitigations such as Address Space Layout Randomization (ASLR). Exploiting this vulnerability necessitates that the user opens a specially crafted file, highlighting the critical importance of maintaining cautious behavior when handling unknown documents.

Affected Version(s)

InDesign Desktop 0

References

https://helpx.adobe.com/security/products/indesign/apsb23...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Sep 28, 2023

Collectors

NVD DatabaseMitre Database