Stack-Based Buffer Overflow in InDesign by Adobe
CVE-2026-34697

7.8HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34697?

InDesign Desktop versions 21.3, 20.5.3, and earlier are susceptible to a stack-based buffer overflow vulnerability. This flaw could allow an attacker to execute arbitrary code within the context of the current user. To exploit this vulnerability, an attacker must trick the user into opening a specially crafted malicious file, thereby triggering the overflow and compromising the system's security. Users are advised to remain vigilant and update their software to mitigate potential risks.

Affected Version(s)

InDesign Desktop 0 <= 20.5.3

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.