Adobe Incopy

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Adobe Incopy.

Recent Adobe Incopy Security Advisories

Advisory	Title	Published
APSB26-04	Security Update Available for Adobe InCopy \| APSB26-04	January 13, 2026
APSB25-107	Security Update Available for Adobe InCopy \| APSB25-107	November 11, 2025
APSB25-80	Security Update Available for Adobe InCopy \| APSB25-80	August 12, 2025
APSB25-59	Security Update Available for Adobe InCopy \| APSB25-59	July 8, 2025
APSB25-41	Security Update Available for Adobe InCopy \| APSB25-41	June 10, 2025
APSB25-10	Security Update Available for Adobe InCopy \| APSB25-10	February 11, 2025
APSB24-79	Security Update Available for Adobe InCopy \| APSB24-79	October 8, 2024
APSB24-64	Security Update Available for Adobe InCopy \| APSB24-64	August 13, 2024
APSB23-60	Security Update Available for Adobe InCopy \| APSB23-60	November 14, 2023
APSB23-13	Security Update Available for Adobe InCopy \| APSB23-13	April 11, 2023

By the Year

In 2026 there have been 1 vulnerability in Adobe Incopy with an average score of 7.8 out of ten. Last year, in 2025 Incopy had 17 security vulnerabilities published. Right now, Incopy is on track to have less security vulnerabilities in 2026 than it did last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2026 and last year was the same.

Year	Vulnerabilities	Average Score
2026	1	7.80
2025	17	7.80
2024	2	7.80
2023	10	7.34
2022	6	7.03
2021	3	7.53

It may take a day or so for new Incopy vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Incopy Security Vulnerabilities

Adobe InCopy <21.0 Heap Buffer Overflow Arbitrary Code Exec
CVE-2026-21281 7.8 - High - January 13, 2026

InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Adobe InCopy Heap Buffer Overflow <20.5, 19.5.5 (arbitrary code exec)
CVE-2025-61816 7.8 - High - November 11, 2025

InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Use After Free in InCopy <20.5 - Arbitrary Code Exec
CVE-2025-61818 7.8 - High - November 11, 2025

InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Use After Free in Adobe InCopy Before 20.5/19.5.5 Enables Arbitrary Code Execution
CVE-2025-61817 7.8 - High - November 11, 2025

Dangling pointer

Adobe InCopy OOB in File Parser Before 20.4
CVE-2025-54216 7.8 - High - August 12, 2025

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe InCopy UAF (<20.4/19.5.4) via Malicious File
CVE-2025-54223 7.8 - High - August 12, 2025

InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe InCopy OOB Write -> Arbitrary Code Execution (CVE-2025-54221)
CVE-2025-54221 7.8 - High - August 12, 2025

Memory Corruption

Adobe InCopy Heap BOV (RCE) v <= 20.4
CVE-2025-54220 7.8 - High - August 12, 2025

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Heap-buffer overflow in InCopy <20.4 via malicious file
CVE-2025-54219 7.8 - High - August 12, 2025

Heap-based Buffer Overflow

Adobe InCopy <=20.4 OOB Write via Malicious File
CVE-2025-54218 7.8 - High - August 12, 2025

Memory Corruption

Adobe InCopy <20.5 Heap Buffer Overflow
CVE-2025-54217 7.8 - High - August 12, 2025

Heap-based Buffer Overflow

InCopy <=20.4 OOB Write via Malicious File
CVE-2025-54215 7.8 - High - August 12, 2025

Memory Corruption

Adobe InCopy <=20.3 Heap Buffer Overflow -> Code Exec via Malicious File
CVE-2025-47099 7.8 - High - July 08, 2025

InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Adobe InCopy <20.3 Uninitialized Pointer CVE-2025-47098 Code Exec via File
CVE-2025-47098 7.8 - High - July 08, 2025

InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Access of Uninitialized Pointer

Adobe InCopy 20.3 and earlier: Integer Underflow CVE-2025-47097
CVE-2025-47097 7.8 - High - July 08, 2025

InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

InCopy <20.3 Heap Buffer Overflow (Arbitrary Code Exec)
CVE-2025-47107 7.8 - High - June 10, 2025

InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

InCopy Integer Overflow in 20.2/19.5.3 – Vulnerable to Arbitrary Code Execution
CVE-2025-30327 7.8 - High - June 10, 2025

InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

Adobe InCopy <20.0: Integer Underflow Arbitrary Code Exec
CVE-2025-21156 7.8 - High - February 11, 2025

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Adobe InCopy <19.4, <18.5.3: Unsafe File Upload Remote Code Exec (CVE-2024-45136)
CVE-2024-45136 7.8 - High - October 09, 2024

InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction.

Unrestricted File Upload

Adobe InCopy <=19.4 Integer Overflow Allowing Arbitrary Code Exec
CVE-2024-41858 7.8 - High - August 14, 2024

InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

Adobe InCopy OOB Read CVE-2023-26368 18.5-17.4.2 Allows Code Exec
CVE-2023-26368 7.8 - High - November 16, 2023

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe InCopy OOB Write Arbitrary Code Exec (17.1 / 16.4.1)
CVE-2022-28836 7.8 - High - September 11, 2023

Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe InCopy <=17.1 Use-After-Free - Arbitrary Code Exec
CVE-2022-28835 7.8 - High - September 11, 2023

Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe InCopy OOB Write CVE-2022-28834 - Arbitrary Code Exec
CVE-2022-28834 7.8 - High - September 11, 2023

Memory Corruption

InCopy 18.1/17.4 Use-After-Free Enables Arbitrary Code Execution
CVE-2023-22235 7.8 - High - April 12, 2023

InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe InCopy <=18.0,17.4 OOB Write, Arbitrary Code Exec
CVE-2023-21597 7.8 - High - January 13, 2023

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe InCopy 18.0 Heap Buffer Overflow Arbitrary Code Exec
CVE-2023-21594 7.8 - High - January 13, 2023

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Adobe InCopy <18 & <17.4 Improper Input Validation, Code Exec
CVE-2023-21596 7.8 - High - January 13, 2023

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Adobe InCopy UA-FREE before 18.0, 17.4 Vulnerable File Handling
CVE-2023-21598 5.5 - Medium - January 13, 2023

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Adobe InCopy 18.0 (<=18.0) OOB Read Enables Memory Disclosure
CVE-2023-21599 5.5 - Medium - January 13, 2023

Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe InCopy <17.3 Vulnerable to OOB Read Exploiting ASLR Bypass
CVE-2022-38407 5.5 - Medium - September 16, 2022

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe InCopy OOB Read v17.3 & 16.4.2 (ASLR Bypass)
CVE-2022-38406 5.5 - Medium - September 16, 2022

Out-of-bounds Read

Heap Buffer Overflw in Adobe InCopy 17.3/16.4.2 & Older Code Exec
CVE-2022-38405 7.8 - High - September 16, 2022

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe InCopy 17.3 Heap-Based Buffer Overflow in File Parser
CVE-2022-38404 7.8 - High - September 16, 2022

Memory Corruption

Adobe InCopy 17.3 Heap Buffer Overflow: Arbitrary Code Execution (requires user interaction)
CVE-2022-38402 7.8 - High - September 16, 2022

Out-of-bounds Read

Adobe InCopy 17.3 / 16.4.2: Heap Buffer Overflow (Arbitrary Code Exec)
CVE-2022-38401 7.8 - High - September 16, 2022

Memory Corruption

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file
CVE-2021-39818 7.8 - High - September 27, 2021

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Buffer Overflow

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file
CVE-2021-39819 7.8 - High - September 27, 2021

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Buffer Overflow

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability
CVE-2021-21010 7 - High - January 13, 2021

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

DLL preloading

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Adobe Incopy or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

Adobe Incopy
Product

Adobe Incopy

Don't miss out!

Recent Adobe Incopy Security Advisories

By the Year

Recent Adobe Incopy Security Vulnerabilities

Adobe InCopy <21.0 Heap Buffer Overflow Arbitrary Code Exec CVE-2026-21281 7.8 - High - January 13, 2026

Adobe InCopy Heap Buffer Overflow <20.5, 19.5.5 (arbitrary code exec) CVE-2025-61816 7.8 - High - November 11, 2025

Use After Free in InCopy <20.5 - Arbitrary Code Exec CVE-2025-61818 7.8 - High - November 11, 2025

Use After Free in Adobe InCopy Before 20.5/19.5.5 Enables Arbitrary Code Execution CVE-2025-61817 7.8 - High - November 11, 2025

Adobe InCopy OOB in File Parser Before 20.4 CVE-2025-54216 7.8 - High - August 12, 2025

Adobe InCopy UAF (<20.4/19.5.4) via Malicious File CVE-2025-54223 7.8 - High - August 12, 2025

Adobe InCopy OOB Write -> Arbitrary Code Execution (CVE-2025-54221) CVE-2025-54221 7.8 - High - August 12, 2025

Adobe InCopy Heap BOV (RCE) v <= 20.4 CVE-2025-54220 7.8 - High - August 12, 2025

Heap-buffer overflow in InCopy <20.4 via malicious file CVE-2025-54219 7.8 - High - August 12, 2025

Adobe InCopy <=20.4 OOB Write via Malicious File CVE-2025-54218 7.8 - High - August 12, 2025

Adobe InCopy <20.5 Heap Buffer Overflow CVE-2025-54217 7.8 - High - August 12, 2025

InCopy <=20.4 OOB Write via Malicious File CVE-2025-54215 7.8 - High - August 12, 2025

Adobe InCopy <=20.3 Heap Buffer Overflow -> Code Exec via Malicious File CVE-2025-47099 7.8 - High - July 08, 2025

Adobe InCopy <20.3 Uninitialized Pointer CVE-2025-47098 Code Exec via File CVE-2025-47098 7.8 - High - July 08, 2025

Adobe InCopy 20.3 and earlier: Integer Underflow CVE-2025-47097 CVE-2025-47097 7.8 - High - July 08, 2025

InCopy <20.3 Heap Buffer Overflow (Arbitrary Code Exec) CVE-2025-47107 7.8 - High - June 10, 2025

InCopy Integer Overflow in 20.2/19.5.3 – Vulnerable to Arbitrary Code Execution CVE-2025-30327 7.8 - High - June 10, 2025

Adobe InCopy <20.0: Integer Underflow Arbitrary Code Exec CVE-2025-21156 7.8 - High - February 11, 2025

Adobe InCopy <19.4, <18.5.3: Unsafe File Upload Remote Code Exec (CVE-2024-45136) CVE-2024-45136 7.8 - High - October 09, 2024

Adobe InCopy <=19.4 Integer Overflow Allowing Arbitrary Code Exec CVE-2024-41858 7.8 - High - August 14, 2024

Adobe InCopy OOB Read CVE-2023-26368 18.5-17.4.2 Allows Code Exec CVE-2023-26368 7.8 - High - November 16, 2023

Adobe InCopy OOB Write Arbitrary Code Exec (17.1 / 16.4.1) CVE-2022-28836 7.8 - High - September 11, 2023

Adobe InCopy <=17.1 Use-After-Free - Arbitrary Code Exec CVE-2022-28835 7.8 - High - September 11, 2023

Adobe InCopy OOB Write CVE-2022-28834 - Arbitrary Code Exec CVE-2022-28834 7.8 - High - September 11, 2023

InCopy 18.1/17.4 Use-After-Free Enables Arbitrary Code Execution CVE-2023-22235 7.8 - High - April 12, 2023

Adobe InCopy <=18.0,17.4 OOB Write, Arbitrary Code Exec CVE-2023-21597 7.8 - High - January 13, 2023

Adobe InCopy 18.0 Heap Buffer Overflow Arbitrary Code Exec CVE-2023-21594 7.8 - High - January 13, 2023

Adobe InCopy <18 & <17.4 Improper Input Validation, Code Exec CVE-2023-21596 7.8 - High - January 13, 2023

Adobe InCopy UA-FREE before 18.0, 17.4 Vulnerable File Handling CVE-2023-21598 5.5 - Medium - January 13, 2023

Adobe InCopy 18.0 (<=18.0) OOB Read Enables Memory Disclosure CVE-2023-21599 5.5 - Medium - January 13, 2023

Adobe InCopy <17.3 Vulnerable to OOB Read Exploiting ASLR Bypass CVE-2022-38407 5.5 - Medium - September 16, 2022

Adobe InCopy OOB Read v17.3 & 16.4.2 (ASLR Bypass) CVE-2022-38406 5.5 - Medium - September 16, 2022

Heap Buffer Overflw in Adobe InCopy 17.3/16.4.2 & Older Code Exec CVE-2022-38405 7.8 - High - September 16, 2022

Adobe InCopy 17.3 Heap-Based Buffer Overflow in File Parser CVE-2022-38404 7.8 - High - September 16, 2022

Adobe InCopy 17.3 Heap Buffer Overflow: Arbitrary Code Execution (requires user interaction) CVE-2022-38402 7.8 - High - September 16, 2022

Adobe InCopy 17.3 / 16.4.2: Heap Buffer Overflow (Arbitrary Code Exec) CVE-2022-38401 7.8 - High - September 16, 2022

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file CVE-2021-39818 7.8 - High - September 27, 2021

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file CVE-2021-39819 7.8 - High - September 27, 2021

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability CVE-2021-21010 7 - High - January 13, 2021

Stay on top of Security Vulnerabilities

Adobe Vendor

Adobe IncopyProduct

Adobe InCopy <21.0 Heap Buffer Overflow Arbitrary Code Exec
CVE-2026-21281 7.8 - High - January 13, 2026

Adobe InCopy Heap Buffer Overflow <20.5, 19.5.5 (arbitrary code exec)
CVE-2025-61816 7.8 - High - November 11, 2025

Use After Free in InCopy <20.5 - Arbitrary Code Exec
CVE-2025-61818 7.8 - High - November 11, 2025

Use After Free in Adobe InCopy Before 20.5/19.5.5 Enables Arbitrary Code Execution
CVE-2025-61817 7.8 - High - November 11, 2025

Adobe InCopy OOB in File Parser Before 20.4
CVE-2025-54216 7.8 - High - August 12, 2025

Adobe InCopy UAF (<20.4/19.5.4) via Malicious File
CVE-2025-54223 7.8 - High - August 12, 2025

Adobe InCopy OOB Write -> Arbitrary Code Execution (CVE-2025-54221)
CVE-2025-54221 7.8 - High - August 12, 2025

Adobe InCopy Heap BOV (RCE) v <= 20.4
CVE-2025-54220 7.8 - High - August 12, 2025

Heap-buffer overflow in InCopy <20.4 via malicious file
CVE-2025-54219 7.8 - High - August 12, 2025

Adobe InCopy <=20.4 OOB Write via Malicious File
CVE-2025-54218 7.8 - High - August 12, 2025

Adobe InCopy <20.5 Heap Buffer Overflow
CVE-2025-54217 7.8 - High - August 12, 2025

InCopy <=20.4 OOB Write via Malicious File
CVE-2025-54215 7.8 - High - August 12, 2025

Adobe InCopy <=20.3 Heap Buffer Overflow -> Code Exec via Malicious File
CVE-2025-47099 7.8 - High - July 08, 2025

Adobe InCopy <20.3 Uninitialized Pointer CVE-2025-47098 Code Exec via File
CVE-2025-47098 7.8 - High - July 08, 2025

Adobe InCopy 20.3 and earlier: Integer Underflow CVE-2025-47097
CVE-2025-47097 7.8 - High - July 08, 2025

InCopy <20.3 Heap Buffer Overflow (Arbitrary Code Exec)
CVE-2025-47107 7.8 - High - June 10, 2025

InCopy Integer Overflow in 20.2/19.5.3 – Vulnerable to Arbitrary Code Execution
CVE-2025-30327 7.8 - High - June 10, 2025

Adobe InCopy <20.0: Integer Underflow Arbitrary Code Exec
CVE-2025-21156 7.8 - High - February 11, 2025

Adobe InCopy <19.4, <18.5.3: Unsafe File Upload Remote Code Exec (CVE-2024-45136)
CVE-2024-45136 7.8 - High - October 09, 2024

Adobe InCopy <=19.4 Integer Overflow Allowing Arbitrary Code Exec
CVE-2024-41858 7.8 - High - August 14, 2024

Adobe InCopy OOB Read CVE-2023-26368 18.5-17.4.2 Allows Code Exec
CVE-2023-26368 7.8 - High - November 16, 2023

Adobe InCopy OOB Write Arbitrary Code Exec (17.1 / 16.4.1)
CVE-2022-28836 7.8 - High - September 11, 2023

Adobe InCopy <=17.1 Use-After-Free - Arbitrary Code Exec
CVE-2022-28835 7.8 - High - September 11, 2023

Adobe InCopy OOB Write CVE-2022-28834 - Arbitrary Code Exec
CVE-2022-28834 7.8 - High - September 11, 2023

InCopy 18.1/17.4 Use-After-Free Enables Arbitrary Code Execution
CVE-2023-22235 7.8 - High - April 12, 2023

Adobe InCopy <=18.0,17.4 OOB Write, Arbitrary Code Exec
CVE-2023-21597 7.8 - High - January 13, 2023

Adobe InCopy 18.0 Heap Buffer Overflow Arbitrary Code Exec
CVE-2023-21594 7.8 - High - January 13, 2023

Adobe InCopy <18 & <17.4 Improper Input Validation, Code Exec
CVE-2023-21596 7.8 - High - January 13, 2023

Adobe InCopy UA-FREE before 18.0, 17.4 Vulnerable File Handling
CVE-2023-21598 5.5 - Medium - January 13, 2023

Adobe InCopy 18.0 (<=18.0) OOB Read Enables Memory Disclosure
CVE-2023-21599 5.5 - Medium - January 13, 2023

Adobe InCopy <17.3 Vulnerable to OOB Read Exploiting ASLR Bypass
CVE-2022-38407 5.5 - Medium - September 16, 2022

Adobe InCopy OOB Read v17.3 & 16.4.2 (ASLR Bypass)
CVE-2022-38406 5.5 - Medium - September 16, 2022

Heap Buffer Overflw in Adobe InCopy 17.3/16.4.2 & Older Code Exec
CVE-2022-38405 7.8 - High - September 16, 2022

Adobe InCopy 17.3 Heap-Based Buffer Overflow in File Parser
CVE-2022-38404 7.8 - High - September 16, 2022

Adobe InCopy 17.3 Heap Buffer Overflow: Arbitrary Code Execution (requires user interaction)
CVE-2022-38402 7.8 - High - September 16, 2022

Adobe InCopy 17.3 / 16.4.2: Heap Buffer Overflow (Arbitrary Code Exec)
CVE-2022-38401 7.8 - High - September 16, 2022

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file
CVE-2021-39818 7.8 - High - September 27, 2021

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file
CVE-2021-39819 7.8 - High - September 27, 2021

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability
CVE-2021-21010 7 - High - January 13, 2021

Adobe
Vendor

Adobe Incopy
Product