CVE-2023-29318: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that was discovered in March 2023 and publicly disclosed on July 11, 2023. The vulnerability exists in decoding QuarkXPress Drawing 'QXD' files in Adobe InDesign, affecting both Windows and macOS platforms (Fortinet Blog, NVD).

The vulnerability (CWE-125) is caused by a malformed QXD file, which triggers an out-of-bounds memory read due to an improper bounds check. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The vulnerability specifically affects the application's handling of QXD files and could result in information leakage (NVD, Fortinet Blog).

Adobe has released security patches to address this vulnerability. Users are strongly advised to update to the latest version of Adobe InDesign. Additionally, Fortinet has implemented protective measures through their IPS signature system to detect and prevent exploitation attempts (Fortinet Blog).