CVE-2021-36004: Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation
First published: Tue Jul 27 2021(Updated: )
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign 2025 | <=16.0 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-36004?
CVE-2021-36004 has a critical severity rating, as it allows for remote code execution.
How do I fix CVE-2021-36004?
To fix CVE-2021-36004, update Adobe InDesign to the latest version available beyond 16.0.
Who is affected by CVE-2021-36004?
Users of Adobe InDesign version 16.0 and earlier are affected by CVE-2021-36004.
Can CVE-2021-36004 be exploited remotely?
Yes, CVE-2021-36004 can be exploited remotely by an unauthenticated attacker.
What impact does CVE-2021-36004 have on system security?
CVE-2021-36004 can lead to unauthorized remote code execution, compromising system security.
- agent/type
- agent/author
- agent/remedy
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe indesign 2025
- version/adobe indesign 2025/16.0
- vendor/microsoft
- canonical/microsoft windows operating system