Description
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow in Adobe InDesign Desktop allows an attacker to execute arbitrary code in the context of the current user. The flaw is triggered when a specially crafted file is opened, potentially enabling the attacker to install malware, exfiltrate data, or perform other malicious actions. The weakness is classified as a stack-based buffer overflow (CWE-121).

Affected Systems

Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier are affected.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires user interaction: the victim must open a malicious file. Attackers would likely employ phishing or social engineering to deliver such files, making the risk dependent on user awareness and cautious file handling.

Generated by OpenCVE AI on June 9, 2026 at 20:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Adobe‑published security update for InDesign Desktop that patches the buffer‑overflow flaw.
  • Warn users against opening files from untrusted or unknown sources and encourage them to verify file authenticity before opening.
  • Configure or enable system or application‑level sandboxing to limit the impact of any potential code execution from a compromised InDesign session.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe indesign Desktop |
| Vendors & Products | | Adobe; Adobe indesign Desktop |

Tue, 09 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | InDesign Desktop \| Stack-based Buffer Overflow (CWE-121) |
| Weaknesses | | CWE-121 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T18:17:27.850Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34702

Vulnrichment

Updated: 2026-06-09T18:17:20.970Z

NVD

Status: Undergoing Analysis

Published: 2026-06-09T18:16:42.087

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-34702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:30:17Z

Weaknesses