Description
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

InDesign Desktop versions 21.3, 20.5.3 and earlier contain a heap-based buffer overflow that can be triggered by opening a malformed file. If exploited, an attacker can gain arbitrary code execution in the context of the user opening the file, potentially leading to full system compromise. The weakness is a classic out-of-bounds write, classified as CWE-122.

Affected Systems

Adobe InDesign Desktop. The vulnerability affects all installations of versions 21.3, 20.5.3 and any earlier release, regardless of OS platform.

Risk and Exploitability

The CVSS score of 7.8 indicates high impact, with a requirement for user interaction. The EPSS score is not available, so no quantitative estimate of exploitation likelihood can be made. Because the victim must open a file, the attack is limited to situations where malicious or compromised files are processed. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 9, 2026 at 21:08 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe InDesign update or patch to remove the buffer overflow flaw
  • Temporarily disable or filter the handling of unknown or suspicious file types until a patch is applied
  • Enable automatic updates for Adobe applications and regularly check Adobe’s security advisory portal for new releases



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Adobe, Adobe indesign Desktop |
| Vendors & Products | | Adobe, Adobe indesign Desktop |

Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | InDesign Desktop \| Heap-based Buffer Overflow (CWE-122) |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:39:24.562Z

Reserved: 2026-03-30T17:30:36.497Z

Link: CVE-2026-34698

Vulnrichment

Updated: 2026-06-09T19:39:06.760Z

NVD

Status: Undergoing Analysis

Published: 2026-06-09T18:16:41.053

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-34698

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:30:17Z

Weaknesses