CVE-2024-49529

Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 19.0, 20.0 and earlier

Description: The issue is related to an out-of-bounds read vulnerability in Adobe InDesign when processing JP2 files. This could allow an attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism and gain unauthorized access to sensitive information. Exploitation requires user interaction, such as opening a malicious file, and could lead to the disclosure of sensitive memory.

Recommendations: For versions 19.0 and earlier: Upgrade to a version later than 20.0 to mitigate the risk. For version 20.0: Upgrade to a version later than 20.0 to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.