Out-of-Bounds Read Vulnerability in InDesign Desktop by Adobe
CVE-2024-49547

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign
Vendor: CVE Published:; 10 December 2024

What is CVE-2024-49547?

Adobe InDesign Desktop versions up to ID19.5 and ID18.5.4 are susceptible to an out-of-bounds read vulnerability that may enable attackers to access sensitive information from memory. Successful exploitation typically requires the user to open a specially crafted malicious file, possibly allowing the bypassing of security mechanisms such as Address Space Layout Randomization (ASLR). Users should remain vigilant and avoid interacting with untrusted files to mitigate the risks associated with this vulnerability. For more details, refer to the official Adobe advisory.

References

https://helpx.adobe.com/security/products/indesign/apsb24...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024