Adobe InDesign CC 2023 Memory Corruption Vulnerability V.
CVE-2023-44344

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 29 February 2024

Summary

Adobe InDesign is susceptible to an out-of-bounds read vulnerability, affecting versions ID18.5 and earlier as well as ID17.4.2 and earlier. This vulnerability can potentially enable attackers to access sensitive memory spaces. The exploitation of this flaw necessitates user action, where the victim must open a specially crafted malicious file. Successful exploitation may bypass security mitigations like Address Space Layout Randomization (ASLR), highlighting the need for users to exercise caution when handling files from untrusted sources.

Affected Version(s)

InDesign Desktop 0

References

https://helpx.adobe.com/security/products/indesign/apsb23...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Sep 28, 2023

Collectors

NVD DatabaseMitre Database