CVE-2021-43016: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InCopy version 16.4 and earlier versions were found to contain a Null pointer dereference vulnerability (CVE-2021-43016). The vulnerability was discovered and disclosed on November 9, 2021, affecting both Windows and macOS platforms. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that occurs when parsing specially crafted files. The severity assessment according to CVSS 3.1 Base Score is 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Under CVSS 2.0, it received a Base Score of 4.3 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:N/I:N/A:P) (NVD).

When successfully exploited, this vulnerability can lead to an application denial-of-service condition in the context of the current user. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD).

Adobe has released security patches to address this vulnerability. Users of Adobe InCopy version 16.4 and earlier versions on both Windows and macOS platforms should update to the latest version as detailed in Adobe's security bulletin (SecurityWeek, Adobe Advisory).

The vulnerability was discovered by HY350 of Topsec Alpha Team, who worked with Adobe to responsibly disclose and address the security issue (SecurityWeek).