CVE-2021-42732: 
Adobe InDesign vulnerability analysis and mitigation

CVE-2021-42732 is a security vulnerability discovered in Adobe InDesign that involves Access of Memory Location After End of Buffer (CWE-788). The vulnerability was initially recorded on October 19, 2021, and affects Adobe InDesign versions up to and including 16.4 on both Windows and macOS platforms (NVD Database, Adobe Advisory).

The vulnerability is classified as a critical severity issue with a CVSS v3.1 base score of 7.8 (High). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability requires local access and user interaction, but no privileges, and can result in high impacts to confidentiality, integrity, and availability (NVD Database).

The vulnerability can lead to arbitrary code execution (ACE) through access to memory location after the end of a buffer. This type of memory issue can be exploited similarly to a standard buffer overflow in worst-case scenarios (Threatpost Article).

Adobe has released patches to address this vulnerability. The fix was part of a larger security update that addressed multiple vulnerabilities across Adobe products. The advisory is listed as priority 3, which is the lowest risk level, meaning that administrators can patch at their discretion (Threatpost Article).

The vulnerability was discovered and reported by researchers from the Topsec Alpha Team. It was part of a larger Adobe security bulletin that addressed 92 vulnerabilities across 14 products, with 66 rated as critical in severity (Threatpost Article).