CVE-2022-30673: 
Adobe InDesign vulnerability analysis and mitigation

CVE-2022-30673 is an Out-of-Bounds Read vulnerability discovered in Adobe InDesign that was disclosed and patched in September 2022. The vulnerability affects Adobe InDesign 2022 version 17.3 and earlier, as well as Adobe InDesign 2021 version 16.4.2 and earlier on Windows platforms (Fortinet Blog, Adobe Security).

The vulnerability exists in the decoding of QuarkXPress Drawing 'QXD' files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed QXD file, which triggers an out-of-bounds memory read due to an improper bounds check. The vulnerability has been classified as 'Important' severity and is categorized under CWE-125 (Out-of-bounds Read) (Fortinet Blog).

When exploited, this vulnerability allows attackers to leak sensitive information within the context of the application through the use of a specially crafted QXD file (Fortinet Blog).

Adobe has released security patches to address this vulnerability. Users are advised to update to the latest version of Adobe InDesign. Additionally, Fortinet customers are protected through the IPS signature Adobe.InDesign.CVE-2022-30673.Memory.Leak, and FortiEDR provides detection and prevention of exploitation attempts (Fortinet Blog, Adobe Security).