InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe indesign
CPEs cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*
Vendors & Products Adobe
Adobe indesign
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 21:00:00 +0000

Type Values Removed Values Added
Description InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title InDesign Desktop | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-11-12T20:45:25.230Z

Updated: 2024-11-13T14:38:59.994Z

Reserved: 2024-10-15T15:35:47.027Z

Link: CVE-2024-49512

cve-icon Vulnrichment

Updated: 2024-11-13T14:28:42.697Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-12T21:15:13.703

Modified: 2024-11-13T17:01:16.850

Link: CVE-2024-49512

cve-icon Redhat

No data.