Description
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow in Adobe InDesign Desktop allows an attacker to execute arbitrary code in the context of the current user. The flaw is triggered when a specially crafted file is opened, potentially enabling the attacker to install malware, exfiltrate data, or perform other malicious actions. The vulnerability is a classic stack overflow (CWE‑121).

Affected Systems

Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier are affected.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires user interaction: the victim must open a malicious file. Attackers would likely employ phishing or social engineering to deliver such files, making the risk dependent on user awareness and cautious file handling.

Generated by OpenCVE AI on June 9, 2026 at 20:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Adobe‑published security update for InDesign Desktop that patches the buffer‑overflow flaw.
  • Warn users against opening files from untrusted or unknown sources and encourage them to verify file authenticity before opening.
  • Configure or enable system or application‑level sandboxing to limit the impact of any potential code execution from a compromised InDesign session.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared: Adobe indesign, Apple, Apple macos, Microsoft, Microsoft windows
CPEs:
  • cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products: Adobe indesign, Apple, Apple macos, Microsoft, Microsoft windows

Wed, 10 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared: Adobe, Adobe indesign Desktop
Vendors & Products: Adobe, Adobe indesign Desktop

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description: InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title: InDesign Desktop | Stack-based Buffer Overflow (CWE-121)
Weaknesses: CWE-121
References
Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Indesign Indesign Desktop
Apple Macos
Microsoft Windows
MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-10T03:59:38.542Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34702

Vulnrichment

Updated: 2026-06-09T18:17:20.970Z

NVD

Status: Analyzed

Published: 2026-06-09T18:16:42.087

Modified: 2026-06-10T13:01:19.290

Link: CVE-2026-34702

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:30:17Z

Weaknesses
  • CWE-121: Stack-based Buffer Overflow