CVE-2021-45059: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign version 16.4 and earlier versions were found to contain a use-after-free vulnerability (CVE-2021-45059) in the processing of JPEG2000 files. The vulnerability was disclosed on January 13, 2022, and was discovered by Mat Powell of Trend Micro Zero Day Initiative (NVD, Adobe Advisory).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs during the processing of JPEG2000 files. It received a CVSS v3.1 Base Score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, and a CVSS v2.0 Base Score of 4.3 (MEDIUM) with the vector string (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD).

The vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The impact is primarily focused on confidentiality, with no direct impact on integrity or availability of the system (NVD).

Adobe has addressed this vulnerability in versions after InDesign 16.4. Users are advised to update to the latest version of Adobe InDesign to mitigate this security issue (Adobe Advisory).