First published: Wed Jul 12 2023(Updated: )
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe InDesign | >=17.0<17.4.2 | |
Adobe InDesign | >=18.0<18.4 | |
Apple macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-29316.
The severity of CVE-2023-29316 is medium with a CVSS score of 5.5.
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected.
The vulnerability can lead to disclosure of sensitive memory and bypassing of mitigations such as ASLR.
No, Apple iPadOS and Microsoft Windows are not affected by CVE-2023-29316.
Update to Adobe InDesign versions ID18.4 or ID17.4.2 to mitigate the vulnerability.