Headline

CVE-2021-42731: Adobe Security Bulletin

Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

3 years ago

CVE

Open in Source

#vulnerability #mac #windows #dos

Security Update Available for Adobe InDesign | APSB21-107

Bulletin ID

Date Published

Priority

APSB21-107

October 26, 2021

Summary

Adobe has released a security update for Adobe InDesign.  This update addresses critical and  Important vulnerabilities. Successful exploitation could lead to arbitrary code execution and application denial of service.

Affected versions

16.4 and earlier versions

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.” For more information, please reference this help page.

Product

Updated version

Platform

Priority rating

Availability

Adobe InDesign

17.0

Windows and macOS

Release Note

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score

CVSS vector

CVE Number

NULL Pointer Dereference (CWE-476)

Application denial-of-service

Important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H