Multiple vulnerabilities in Adobe InDesign



Published: 2022-06-14 | Updated: 2022-07-15
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2022-30658
CVE-2022-30659
CVE-2022-30661
CVE-2022-30662
CVE-2022-30663
CVE-2022-30665
CVE-2022-30660
CVE-2022-34248
CVE-2022-34245
CVE-2022-34247
CVE-2022-34246
CWE-ID CWE-122
CWE-787
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Adobe InDesign
Client/Desktop applications / Multimedia software

Vendor Adobe

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU64318

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30658

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing embedded fonts. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-845/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds write

EUVDB-ID: #VU64321

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30659

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-846/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Heap-based buffer overflow

EUVDB-ID: #VU64320

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30661

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-848/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds write

EUVDB-ID: #VU64322

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30662

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-849/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU64323

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30663

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing SVG images. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-850/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds write

EUVDB-ID: #VU64324

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30665

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-851/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds write

EUVDB-ID: #VU64325

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-30660

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-847/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds read

EUVDB-ID: #VU65339

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34248

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1003/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Heap-based buffer overflow

EUVDB-ID: #VU65336

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-34245

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1004/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds write

EUVDB-ID: #VU65338

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-34247

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1002/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Heap-based buffer overflow

EUVDB-ID: #VU65337

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-34246

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe InDesign: 16.0 - 16.4.1, 17.0 - 17.2.1


CPE2.3 External links

http://helpx.adobe.com/security/products/indesign/apsb22-30.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1005/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###