CVE-2021-39821Out-of-bounds Read in Adobe Indesign

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.8HIGHNVD
EPSS
2.6%
top 14.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Indesign
Timeline
PublishedSep 29
Latest updateMay 24

Description

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/indesignunspecified16.3+2
NVDadobe/indesign16.3.2+1

🔴Vulnerability Details

2
GHSA
GHSA-vqp5-m22r-c4f2: Adobe InDesign versions 162022-05-24
CVEList
Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability2021-09-29
CVE-2021-39821 — Out-of-bounds Read in Adobe Indesign | cvebase