First published: Fri Jan 13 2023
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe InCopy | >=17.0 <=17.4 | |
Adobe InCopy | =18.0 | |
Apple macOS | | |
Microsoft Windows | | |
CVE-2023-21599 is a vulnerability in Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) that allows an attacker to read sensitive memory and bypass mitigations.
CVE-2023-21599 has a severity rating of 5.5, which is considered medium.
CVE-2023-21599 affects Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) by allowing an attacker to read sensitive memory and bypass certain security measures like ASLR.
Exploitation of CVE-2023-21599 requires user interaction, but an attacker can leverage this vulnerability to read sensitive memory and potentially disclose sensitive information.
To fix CVE-2023-21599, it is recommended to update Adobe InCopy to a version that is not affected by this vulnerability.