NULL Pointer Dereference Vulnerability in InDesign Desktop by Adobe
CVE-2024-53952

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign
Vendor: CVE Published:; 10 December 2024

Summary

Adobe InDesign Desktop versions ID19.5, ID18.5.4, and earlier are vulnerable to a NULL Pointer Dereference issue, which could potentially lead to application instability. This vulnerability allows an attacker to exploit a crafted file to crash the InDesign application, resulting in a denial of service condition. Successful exploitation requires user interaction, as the victim must open the maliciously crafted file, which triggers the vulnerability and compromises the application's functionality, thereby affecting productivity.

References

https://helpx.adobe.com/security/products/indesign/apsb24...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024