CVE-2024-39389: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability identified as CVE-2024-39389. The vulnerability was disclosed on August 14, 2024, and requires user interaction through opening a malicious file to be exploited. This security issue affects both Windows and macOS operating systems running the vulnerable versions of InDesign (Adobe Advisory).

The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121) and Out-of-bounds Write (CWE-787) issue. It has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The critical severity rating suggests significant potential impact on system security, particularly when a user is convinced to open a malicious file (Adobe Advisory).

Adobe has addressed this vulnerability in newer versions of InDesign. Users should update to versions later than ID18.5.2 for the 18.x branch or versions later than ID19.4 for the 19.x branch to mitigate this security risk (Adobe Advisory).