CVE-2024-49549 – Adobe InDesign has an out-of-bounds read vulner... (How to Fix)

Q: What is the severity of CVE-2024-49549?

CVE-2024-49549 has a CVSS score of 5.5 (MEDIUM). Adobe InDesign has an out-of-bounds read vulnerability that could allow an attacker to read sensitive memory contents and potentially bypass ASLR protections. This affects users of InDesign Desktop versions ID19.5, ID18.5.4 and earlier who open malicious files. The vulnerability requires user interaction through opening a crafted document.

📋 TL;DR

Adobe InDesign has an out-of-bounds read vulnerability that could allow an attacker to read sensitive memory contents and potentially bypass ASLR protections. This affects users of InDesign Desktop versions ID19.5, ID18.5.4 and earlier who open malicious files. The vulnerability requires user interaction through opening a crafted document.

💻 Affected Systems

Products:

Adobe InDesign Desktop

Versions: ID19.5, ID18.5.4 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable when opening files.

📦 What is this software?

Indesign by Adobe

View all CVEs affecting Indesign →

Indesign by Adobe

View all CVEs affecting Indesign →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory disclosure could lead to ASLR bypass, enabling more sophisticated attacks like remote code execution through chained exploits.

🟠

Likely Case

Information disclosure of memory contents, potentially revealing sensitive data or system information.

🟢

If Mitigated

Limited impact with proper file handling policies and user awareness training.

🌐 Internet-Facing: LOW - Requires user to open malicious files, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious documents via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory layout for effective ASLR bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ID19.5.1 and ID18.5.5

Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb24-97.html

Restart Required: Yes

Instructions:

1. Open Adobe InDesign. 2. Go to Help > Updates. 3. Install available updates. 4. Restart InDesign. Alternatively, download updates from Adobe's website.

🔧 Temporary Workarounds

Restrict file opening

all

Configure policies to prevent opening untrusted InDesign files

User awareness training

all

Train users to only open InDesign files from trusted sources

🧯 If You Can't Patch

Implement application whitelisting to restrict InDesign execution
Use email filtering to block suspicious InDesign attachments

🔍 How to Verify

Check if Vulnerable:

Check InDesign version via Help > About InDesign. If version is ID19.5 or earlier, or ID18.5.4 or earlier, system is vulnerable.

Check Version:

On Windows: Check via Control Panel > Programs. On macOS: Check via About This Mac > System Report > Applications.

Verify Fix Applied:

Verify version is ID19.5.1 or later, or ID18.5.5 or later after applying updates.

📡 Detection & Monitoring

Log Indicators:

Unexpected InDesign crashes
Large memory reads in process monitoring

Network Indicators:

Downloads of InDesign files from untrusted sources

SIEM Query:

EventID=4688 AND ProcessName='indesign.exe' AND CommandLine CONTAINS '.indd' OR '.indt'

📊 Metadata

CVE ID: CVE-2024-49549

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: December 10, 2024

Last Updated: December 18, 2024

🔗 References

https://helpx.adobe.com/security/products/indesign/apsb24-97.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-49549, you might also want to check these: