Listen to this Post
How CVE-2025-47104 Works
CVE-2025-47104 is an out-of-bounds read vulnerability in Adobe InDesign (versions ID20.2, ID19.5.3, and earlier). When a user opens a maliciously crafted file, the software reads data beyond the intended memory buffer, potentially exposing sensitive information. This flaw can be exploited to bypass Address Space Layout Randomization (ASLR), aiding further exploitation. Attackers must trick users into opening a malicious document, making user interaction a key factor. The vulnerability stems from improper bounds checking during file parsing, leading to unintended memory access.
DailyCVE Form
Platform: Adobe InDesign
Version: ID20.2, ID19.5.3
Vulnerability: Out-of-Bounds Read
Severity: Medium
Date: 06/16/2025
Prediction: Patch by 07/15/2025
What Undercode Say
Check InDesign version indesign --version Debug memory dump gdb -q /opt/Adobe/InDesign/id20.2 ASLR bypass check cat /proc/sys/kernel/randomize_va_space
How Exploit
- Craft malicious .indd file
- Trigger OOB read via malformed object
- Leak memory addresses to bypass ASLR
Protection from this CVE
- Update to patched version
- Disable macros in untrusted files
- Enable DEP/ASLR enforcement
Impact
- Sensitive memory disclosure
- ASLR bypass potential
- Limited to user interaction
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
