CVE-2022-28833: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability identified as CVE-2022-28833. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on May 10, 2022. This security flaw affects Adobe InDesign's font parsing functionality and requires user interaction to be exploited (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs within the parsing of embedded fonts. When processing crafted data in a font, the application can trigger a write operation past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates that the vulnerability can potentially lead to significant impacts on confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe InDesign. The fix was included in Adobe InDesign version 17.2 (ManageEngine).