Global infos:

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE Status: Modified

References:

[email protected]

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	LOW
Attack Vector	LOCAL
Availability Impact	NONE
Base Score	5.5
Base Severity	MEDIUM
Confidentiality Impact	HIGH
Integrity Impact	NONE
Privileges Required	NONE
Scope	UNCHANGED
User Interaction	REQUIRED
Vector String	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability Score	1.8
Impact Score	3.6
Source	[email protected]
Type	Secondary

Links:

Exploit-db
Github