CVE-2020-9727 HIGH

CVE-2020-9727: Out-of-bounds memory access could lead to code execution

Vendor Adobe
Product InDesign
Weakness CWE-788
Published September 10, 2020
Last update September 17, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

Key dates

02Disclosure timeline

September 10, 2020 CVE published
September 17, 2024 Record updated