Severity
Medium
Analysis Summary
CVE-2024-39395 CVSS:5.5
Adobe InDesign is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-34127 CVSS:5.5
Adobe InDesign could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-41861 CVSS:5.5
Adobe Substance 3D Sampler could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-41862 CVSS:5.5
Adobe Substance 3D Sampler could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-39395
- CVE-2024-34127
- CVE-2024-41861
- CVE-2024-41862
Affected Vendors
Affected Products
- Adobe InDesign Desktop - ID18.5.2
- Adobe InDesign Desktop - ID19.4
- Adobe Substance3D - Sampler - 4.5
Remediation
Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.