CVE-2021-45059

Description

Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Risk Information

Base Score

3.3

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Score

Exploitation Probability

1.919

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in Adobe InDesign 16.4.0	Windows
Vulnerabilities CVE-2021-45057,CVE-2021-45058,CVE-2021-45059 are fixed in Adobe InDesign for Mac 16.4.1	Mac

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234