Heap-based Buffer Overflow in Adobe InDesign Affects User Security
CVE-2026-34701

7.8HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-34701?

Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier are susceptible to a heap-based buffer overflow vulnerability. This security flaw enables the execution of arbitrary code in the context of the current user if they interact with a maliciously crafted file. The exploitation of this vulnerability necessitates that the user opens the compromised file, thereby putting their system at risk. It is crucial for InDesign users to remain vigilant and avoid opening untrusted files to mitigate this threat.

Affected Version(s)

InDesign Desktop 0 <= 20.5.3

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.