
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN567
_____________________________________________________________________

DATE                : 27/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe InDesign versions prior to
                     17.0.

=====================================================================
https://helpx.adobe.com/security/products/indesign/apsb21-107.html
_____________________________________________________________________


Last updated on Oct 26, 2021

Security Update Available for Adobe InDesign | APSB21-107


Bulletin ID         Date Published          Priority

APSB21-107          October 26, 2021        3


Summary

Adobe has released a security update for Adobe InDesign. This update
addresses critical and important vulnerabilities. Successful
exploitation could lead to arbitrary code execution and application
denial of service.


Affected versions

Product             Affected version            Platform
Adobe InDesign      16.4 and earlier versions   Windows and macOS


Solution

Adobe categorizes these updates with the following priority rating and
recommends users update their software installations via the Creative
Cloud desktop app updater, or by navigating to the InDesign Help menu
and clicking "Updates." For more information, please reference this help
page.


Product          Updated version   Platform            Priority rating   Availability

Adobe InDesign   17.0              Windows and macOS   3                 Release Note

For managed environments, IT administrators can use the Creative Cloud
Packager to create deployment packages. Refer to this help page for more
information.


Vulnerability Details

Vulnerability Category : NULL Pointer Dereference (CWE-476)
Vulnerability Impact   : Application denial-of-service
Severity               : Important
CVSS base score        : 5.5
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE Number             : CVE-2021-40743

Vulnerability Category : Access of Memory Location After End of Buffer
                         (CWE-788)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE Number             : CVE-2021-42732

Vulnerability Category : Buffer Overflow (CWE-120)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE Number             : CVE-2021-42731


Acknowledgments

Adobe would like to thank the following researchers for
reporting these issues and for working with Adobe to help protect our
customers:

    (hy350) HY350 of Topsec Alpha Team (CVE-2021-40743)

    (yjdfy) CQY of Topsec Alpha Team (CVE-2021-42732)

    (cff_123) CFF of Topsec Alpha Team (CVE-2021-42731)

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


