CVE-2023-47077: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2023-47077. The vulnerability was discovered and reported through Adobe's private bug bounty program with HackerOne, with the CVE being initially recorded on October 30, 2023, and publicly disclosed on December 13, 2023 (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no impact on integrity or availability, but could result in high confidentiality impact (NVD).

The vulnerability could lead to the disclosure of sensitive memory information and potentially enable attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). This type of vulnerability could potentially expose sensitive data stored in memory, compromising system security (NVD).

Adobe has addressed this vulnerability through a security update. Users of affected versions (19.0 and earlier, and 17.4.2 and earlier) should update to the latest version of Adobe InDesign to mitigate this security risk (Adobe Advisory).