CVE-2024-39394: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability identified as CVE-2024-39394. The vulnerability was discovered and reported by Adobe Systems Incorporated, with the initial CVE record being created on June 24, 2024, and publicly disclosed on August 14, 2024. This security flaw affects both Windows and macOS operating systems running the vulnerable versions of InDesign (NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates that while the attack requires local access and user interaction, it can result in high impacts across confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score indicates severe potential impacts on system security, including complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

Adobe has addressed this vulnerability in versions after ID18.5.2 and ID19.4. Users are advised to update to the latest version of InDesign to mitigate this security risk (Adobe Advisory).