CVE-2022-30651: 
Adobe InCopy vulnerability analysis and mitigation

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that was disclosed in 2022. The vulnerability requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs when parsing a crafted file, which could result in reading past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (NVD, Adobe Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The high CVSS scores indicate significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Users should update to versions newer than InCopy 17.2 or 16.4.1 to address this vulnerability. The affected versions include all releases up to and including 16.4.1, and versions from 17.0 up to and including 17.2 (NVD).