Adobe InDesign
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe InDesign.
Recent Adobe InDesign Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-17 | Security Update Available for Adobe InDesign | APSB26-17 | February 10, 2026 |
| APSB26-02 | Security Update Available for Adobe InDesign | APSB26-02 | January 13, 2026 |
| APSB25-106 | Security Update Available for Adobe InDesign | APSB25-106 | November 11, 2025 |
| APSB25-79 | Security Update Available for Adobe InDesign | APSB25-79 | August 12, 2025 |
| APSB25-60 | Security Update Available for Adobe InDesign | APSB25-60 | July 8, 2025 |
| APSB25-53 | Security Update Available for Adobe InDesign | APSB25-53 | June 10, 2025 |
| APSB25-37 | Security Update Available for Adobe InDesign | APSB25-37 | May 13, 2025 |
| APSB25-19 | Security Update Available for Adobe InDesign | APSB25-19 | March 11, 2025 |
| APSB25-01 | Security Update Available for Adobe InDesign | APSB25-01 | February 11, 2025 |
| APSB24-97 | Security Update Available for Adobe InDesign | APSB24-97 | December 10, 2024 |
By the Year
In 2026 there have been 8 vulnerabilities in Adobe InDesign with an average score of 6.9 out of ten. Last year, in 2025 InDesign had 52 security vulnerabilities published. Right now, InDesign is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.24
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 8 | 6.94 |
| 2025 | 52 | 7.18 |
| 2024 | 45 | 6.62 |
| 2023 | 25 | 6.33 |
| 2022 | 17 | 6.45 |
| 2021 | 0 | 0.00 |
| 2020 | 5 | 7.80 |
It may take a day or so for new InDesign vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe InDesign Security Vulnerabilities
InDesign Desktop Heap Buffer Overflow v21.1 and earlier
CVE-2026-21358
5.5 - Medium
- February 10, 2026
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop 21.1/20.5.1 Heap Overflow - Arbitrary Code via File
CVE-2026-21357
7.8 - High
- February 10, 2026
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop 21.1: OOB read exposes memory
CVE-2026-21332
5.5 - Medium
- February 10, 2026
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Heap-Based BO Vulnerable Before 21.0/19.5.5 via Malicious File
CVE-2026-21277
7.8 - High
- January 13, 2026
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop 21.0 Heap-overflow, code exec
CVE-2026-21304
7.8 - High
- January 13, 2026
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop <21.0/19.5.5: Uninit Ptr CVE-2026-21275
CVE-2026-21275
7.8 - High
- January 13, 2026
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe InDesign Desktop 21.0 OOB Read Vulnerability
CVE-2026-21278
5.5 - Medium
- January 13, 2026
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Access of Uninitialized Pointer Vulnerability in v21.0, 19.5.5
CVE-2026-21276
7.8 - High
- January 13, 2026
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe InDesign Desktop Use-After-Free (UAF) before 20.5
CVE-2025-61815
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign UAF Vulnerability (20.5/19.5.5)
CVE-2025-61814
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign Desktop 20.5/19.5.5 & Earlier: Heap Buffer Overflow
CVE-2025-61824
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Heap Overflow in Adobe InDesign Desktop (20.5) Arbitrary Exec
CVE-2025-61832
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign 20.4 OOB Read Disclosure
CVE-2025-54228
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign OOB Read (CVE-2025-54227) Mem Disclosure v<=20.4
CVE-2025-54227
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign OOB Read (CVE-2025-54214) – Desktop <20.4
CVE-2025-54214
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Desktop UAF in 20.4/19.5.4
CVE-2025-54226
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
InDesign Desktop UAF in versions <=20.4, 19.5.4 & earlier
CVE-2025-54225
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
InDesign Desktop before 20.4 UAF
CVE-2025-54224
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign OOB Write v20.4 and earlier
CVE-2025-54206
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobes InDesign Out-of-Bounds Write (20.4/19.5.4)
CVE-2025-54213
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign 20.4 Heap Buffer Overflow (malicious file)
CVE-2025-54212
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Heap BF in versions <20.4
CVE-2025-54211
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign OOB Write in Desktop 20.4/19.5.4 (before 20.4)
CVE-2025-54210
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop Heap Buffer Overflow v20.4/19.5.4 and earlier
CVE-2025-54209
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
RCE via OOB Write in Adobe InDesign <20.5
CVE-2025-54208
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign RCE via Uninitialized Pointer (v20.4, v19.5.4 and prior)
CVE-2025-54207
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
InDesign Desktop Heap-based Overflow 19.5.3 and earlier
CVE-2025-47103
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop OOB Write in 19.5.3 or earlier for arbitrary code exec
CVE-2025-43594
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop <19.5.3 Vulnerability: Access of Uninitialized Pointer
CVE-2025-43592
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe InDesign Desktop <=19.5.3 Heap Overflow: Arbitrary Code Execution
CVE-2025-43591
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Integer Underflow <19.5.3 causing code exec in Adobe InDesign Desktop
CVE-2025-47136
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe InDesign 19.5.3 Heap Buffer Overflow (CVE-2025-47134)
CVE-2025-47134
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop <20.2 UAF in File Parser bypassing ASLR
CVE-2025-47106
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign Desktop <=20.2 OOB Read Exposes Memory & Might Bypass ASLR
CVE-2025-47105
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Desktop OOB Read CVE-2025-47104 (ID20.2 and earlier)
CVE-2025-47104
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Desktop OOB Write CVE-2025-43593 Before 20.2
CVE-2025-43593
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign <20.2 OOB Write Allows Arbitrary Exec
CVE-2025-43590
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign <=20.2 Use-After-Free Yields Arbitrary Code Exec
CVE-2025-43589
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign OOB Write vID20.2–ID19.5.3 – Arbitrary Code Exec
CVE-2025-43558
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop <=20.2 NULL Pointer Deref
CVE-2025-30321
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe InDesign Desktop <=20.2 Heap Buffer Overflow / Arbitrary Code Exec
CVE-2025-30317
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
InDesign Desktop NULL Pointer Deref before ID20.2 Causes DoS
CVE-2025-30320
5.5 - Medium
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
InDesign Desktop OOB Write (ID19.5.2/ID20.2-) CVE-2025-30318
CVE-2025-30318
7.8 - High
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign <=20.2 NULL Pointer Deref -> Application DoS
CVE-2025-30319
5.5 - Medium
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
InDesign Desktop Heap Overflow ID20.1/ID19.5.2 (CVE-2025-27177)
CVE-2025-27177
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Heap Overflow in Adobe InDesign 20.1 (CVE-2025-24453)
CVE-2025-24453
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop OOB Write CVE-2025-27166 (Before v20.1)
CVE-2025-27166
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop ID20.1 Heap Buffer Overflow CVE-2025-27171
CVE-2025-27171
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop OOBW (Arbitrary Exec) ID20.1+
CVE-2025-27175
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop NPD Vulnerability ID20.1 & Earlier
CVE-2025-27179
5.5 - Medium
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe InDesign or by Adobe? Click the Watch button to subscribe.
