Description
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in older releases of Adobe InDesign Desktop. The flaw can be triggered by opening a maliciously crafted file, allowing an attacker to execute arbitrary code in the context of the current user. This weakness is classified under CWE‑121 and could compromise the confidentiality, integrity, and availability of the affected system if exploited.

Affected Systems

Adobe InDesign Desktop versions 21.3, 20.5.3 and all earlier releases are vulnerable. Updates released after these versions contain the fix.

Risk and Exploitability

The CVSS score of 7.8 labels the vulnerability as high risk, and while the EPSS score is not publicly available, the lack of a KEV listing suggests it has not yet been widely targeted. Because exploitation requires the victim to open a malicious file, the threat vector is local user interaction. Once triggered, the attacker gains full user‑level privileges on the host machine.

Generated by OpenCVE AI on June 9, 2026 at 21:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe InDesign Desktop update to all affected installations.
  • If an update is not immediately available, avoid opening files from untrusted or unknown sources.
  • Run InDesign within a restricted or sandboxed environment to limit the impact of potential exploitation.

Generated by OpenCVE AI on June 9, 2026 at 21:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe indesign Desktop
Vendors & Products Adobe
Adobe indesign Desktop

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Indesign Desktop
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:06:32.955Z

Reserved: 2026-03-30T17:30:36.497Z

Link: CVE-2026-34697

cve-icon Vulnrichment

Updated: 2026-06-09T19:06:29.519Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-09T18:16:40.790

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-34697

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T01:30:17Z

Weaknesses