Adobe InCopy up to 16.4.2/17.3.0 heap-based overflow

Summaryinfo

A vulnerability has been found in Adobe InCopy up to 16.4.2/17.3.0 and classified as problematic. This affects an unknown function. The manipulation leads to heap-based overflow. This vulnerability is traded as CVE-2022-38405. An attack has to be approached locally. There is no exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Adobe InCopy up to 16.4.2/17.3.0. It has been rated as problematic. This issue affects an unknown part. The manipulation with an unknown input leads to a heap-based overflow vulnerability. Using CWE to declare the problem leads to CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Impacted is confidentiality, integrity, and availability.

The weakness was shared 09/13/2022. It is possible to read the advisory at helpx.adobe.com. The identification of this vulnerability is CVE-2022-38405. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 16.4.3 or 17.4.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• Adobe

Name

• InCopy

Version

• 16.4.0
• 16.4.1
• 16.4.2
• 17.0
• 17.1
• 17.2
• 17.3.0

License

• commercial

Website

• Vendor: https://www.adobe.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion