Adobe Systems Incorporated AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Adobe Systems Incorporated AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Adobe Systems Incorporated CWE-787

Adobe Systems Incorporated CWE-788

CWE-788 / More specific CWE option available

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

NIST CWE-787

AND
     OR
          *cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* versions up to (including) 16.3
     OR
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* versions up to (including) 16.3.2
     OR
          cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Victim must voluntarily interact with attack mechanism

https://helpx.adobe.com/security/products/indesign/apsb21-73.html No Types Assigned

https://helpx.adobe.com/security/products/indesign/apsb21-73.html Release Notes, Vendor Advisory