CVE-2020-24421 - OpenCVE

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Indesign
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://helpx.adobe.com/security/products/indesign/apsb20-66.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2020-10-20T00:00:00

Updated: 2021-06-28T12:41:39

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24421

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-21T22:15:12.087

Modified: 2021-12-10T19:37:57.790

Link: CVE-2020-24421

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "InDesign", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "15.1.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference (CWE-476)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-28T12:41:39", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2020-10-20T23:00:00.000Z", "ID": "CVE-2020-24421", "STATE": "PUBLIC", "TITLE": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InDesign", "version": {"version_data": [{"version_affected": "<=", "version_value": "15.1.2"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NULL Pointer Dereference (CWE-476)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2020-24421", "datePublished": "2020-10-20T00:00:00", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2021-06-28T12:41:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "matchCriteriaId": "40C28E1C-42F1-4EFF-B091-A62C20390AAD", "versionEndIncluding": "15.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."}, {"lang": "es", "value": "Adobe InDesign versi\u00f3n 15.1.2 (y anteriores) est\u00e1 afectado por un error de derivaci\u00f3n del puntero NULL que se produce al manejar un archivo .indd malformado. El impacto se limita a causar una denegaci\u00f3n de servicio de la aplicaci\u00f3n cliente. Es requerida una interacci\u00f3n del usuario para explotar esta vulnerabilidad"}], "id": "CVE-2020-24421", "lastModified": "2021-12-10T19:37:57.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2020-10-21T22:15:12.087", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@adobe.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Secondary"}]}