Adobe InDesign Vulnerable to Integer Overflow or Wraparound Exploits
CVE-2024-41851

7.8HIGH

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 14 August 2024

Summary

Adobe InDesign Desktop versions ID19.4, ID18.5.2, and earlier are susceptible to an integer overflow or wraparound vulnerability, which allows for the potential execution of arbitrary code under the privileges of the current user. To exploit this vulnerability, malicious actors can craft a specially designed file that, when opened by a user, triggers the vulnerability. This exploit emphasizes the importance of ensuring users do not open untrusted or suspicious files, thereby mitigating the risks associated with this vulnerability.

Affected Version(s)

InDesign Desktop 0

References

https://helpx.adobe.com/security/products/indesign/apsb24...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jul 22, 2024

Collectors

NVD DatabaseMitre Database