InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE ID: CVE-2024-53952
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.5
Vendor: Adobe
Product: InDesign Desktop
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 22.9% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)