CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41858 – Adobe InCopy has an integer overflow vulnerability when parsing SVG file
https://notcve.org/view.php?id=CVE-2024-41858
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/incopy/apsb24-64.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26368 – Adobe InCopy Out-of-Bounds Read Vulnerability v1.0
https://notcve.org/view.php?id=CVE-2023-26368
Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe InCopy versiones 18.5 (y anteriores) y 17.4.2 (y anteriores) se ven afectadas por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría resultar en una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/incopy/apsb23-60.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-22235 – Adobe InCopy SVG file Use After Free Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22235
InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/incopy/apsb23-13.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21598 – Adobe InCopy Font Parsing Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21598
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of embedded fonts. • https://helpx.adobe.com/security/products/incopy/apsb23-08.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21599 – Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21599
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of embedded fonts. • https://helpx.adobe.com/security/products/incopy/apsb23-08.html • CWE-125: Out-of-bounds Read •