Stack-based Buffer Overflow in Adobe InDesign Desktop Versions
CVE-2026-34695

7.8HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34695?

Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier versions are susceptible to a stack-based buffer overflow vulnerability. This flaw could enable an attacker to execute arbitrary code in the context of the current user if a malicious file is opened. User interaction is required for exploitation, as the victim must be tricked into opening the compromised file. It is crucial for users of affected versions to remain vigilant and apply necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

InDesign Desktop 0 <= 20.5.3

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.