Headline
CVE-2023-21593: Adobe Security Bulletin
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Security Update Available for Adobe InDesign | APSB23-12
Bulletin ID
Date Published
Priority
APSB23-12
February 14, 2023
3
Summary
Adobe has released a security update for Adobe InDesign. This update addresses an important vulnerability. Successful exploitation could lead to application denial-of-service.
Affected versions
ID18.1 and earlier version.
ID17.4 and earlier version.
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.” For more information, please reference this help page.
Product
Updated version
Platform
Priority rating
Adobe InDesign
ID18.2
Windows and macOS
3
Adobe InDesign
ID17.4.1
Windows and macOS
3
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Vulnerability Details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Number
NULL Pointer Dereference (CWE-476)
Application denial-of-service
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-21593
Acknowledgments
Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:
- CHEN QINGYANG (yjdfy) - CVE-2023-21593