Indesign
by Adobe Inc.
CVEs (204)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34705 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user… | ||
| CVE-2026-34704 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.… | ||
| CVE-2026-34703 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.… | ||
| CVE-2026-27286 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires… | ||
| CVE-2026-27285 | Med | 0.36 | 5.5 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of… | ||
| CVE-2010-2321 | 0.05 | — | 0.21 | Jun 18, 2010 | Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file. | |||
| CVE-2010-3153 | 0.04 | — | 0.14 | Aug 27, 2010 | Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL… | |||
| CVE-2019-7107 | 0.01 | — | 0.28 | May 23, 2019 | Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. | |||
| CVE-2026-21358 | 0.00 | — | 0.00 | Feb 10, 2026 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation… | |||
| CVE-2026-21332 | 0.00 | — | 0.00 | Feb 10, 2026 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user… | |||
| CVE-2026-21357 | 0.00 | — | 0.00 | Feb 10, 2026 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2026-21277 | 0.00 | — | 0.00 | Jan 13, 2026 | InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2026-21304 | 0.00 | — | 0.00 | Jan 13, 2026 | InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2026-21275 | 0.00 | — | 0.00 | Jan 13, 2026 | InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2026-21278 | 0.00 | — | 0.00 | Jan 13, 2026 | InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user… | |||
| CVE-2026-21276 | 0.00 | — | 0.00 | Jan 13, 2026 | InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2025-61815 | 0.00 | — | 0.00 | Nov 11, 2025 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||
| CVE-2025-61814 | 0.00 | — | 0.00 | Nov 11, 2025 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||
| CVE-2025-61824 | 0.00 | — | 0.00 | Nov 11, 2025 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | |||
| CVE-2025-61832 | 0.00 | — | 0.00 | Nov 11, 2025 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… |
- risk 0.36cvss 5.5epss 0.00
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user…
- risk 0.36cvss 5.5epss 0.00
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.…
- risk 0.36cvss 5.5epss 0.00
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition.…
- risk 0.36cvss 5.5epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires…
- risk 0.36cvss 5.5epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of…
- CVE-2010-2321Jun 18, 2010risk 0.05cvss —epss 0.21
Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file.
- CVE-2010-3153Aug 27, 2010risk 0.04cvss —epss 0.14
Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL…
- CVE-2019-7107May 23, 2019risk 0.01cvss —epss 0.28
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.
- CVE-2026-21358Feb 10, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation…
- CVE-2026-21332Feb 10, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user…
- CVE-2026-21357Feb 10, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2026-21277Jan 13, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2026-21304Jan 13, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2026-21275Jan 13, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2026-21278Jan 13, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user…
- CVE-2026-21276Jan 13, 2026risk 0.00cvss —epss 0.00
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2025-61815Nov 11, 2025risk 0.00cvss —epss 0.00
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2025-61814Nov 11, 2025risk 0.00cvss —epss 0.00
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2025-61824Nov 11, 2025risk 0.00cvss —epss 0.00
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- CVE-2025-61832Nov 11, 2025risk 0.00cvss —epss 0.00
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
Page 2 of 11