InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Sat, 16 Nov 2024 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe indesign
CPEs cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*
Vendors & Products Adobe
Adobe indesign
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 21:00:00 +0000

Type Values Removed Values Added
Description InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title InDesign Desktop | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-11-12T20:45:23.225Z

Updated: 2024-11-13T14:39:00.520Z

Reserved: 2024-10-15T15:35:47.026Z

Link: CVE-2024-49511

cve-icon Vulnrichment

Updated: 2024-11-13T14:28:45.589Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T21:15:13.490

Modified: 2024-11-16T00:34:33.607

Link: CVE-2024-49511

cve-icon Redhat

No data.