173 matches found
CVE-2022-30637
Adobe Illustrator CVE-2022-30637 is an out-of-bounds write in font parsing that could allow arbitrary code execution. Affected: Illustrator 26.0.2 and earlier, and 25.4.5 and earlier. Exploitation requires user interaction (open a malicious file). No exploit details are provided in the documents....
CVE-2007-2365
CVE-2007-2365 affects Adobe Photoshop CS2/CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9. It is a buffer overflow in PNG handling that allows an attacker to execute arbitrary code via a crafted PNG file. The vulnerability is user-assisted (requires opening a crafted image), with a CVS...
CVE-2022-23188
CVE-2022-23188 affects Adobe Illustrator 25.4.3 and earlier and 26.0.2 and earlier due to a buffer overflow from insecure handling of a crafted malicious file, potentially allowing arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicio...
CVE-2022-23190
Summary of CVE-2022-23190 (Adobe Illustrator) : Affected products are Adobe Illustrator 25.4.3 and earlier and 26.0.2 and earlier. The issue is an out-of-bounds read that can disclose memory and potentially bypass mitigations like ASLR. Exploitation requires user interaction: a victim must open a...
CVE-2022-23193
CVE-2022-23193 affects Adobe Illustrator versions 25.4.3 and earlier and 26.0.2 and earlier, due to an out-of-bounds read that could disclose memory and bypass ASLR. Exploitation requires user interaction (open a malicious file). The advisory APSB22-07 fixes these issues; update to Illustrator 25...
CVE-2022-23187
Adobe Illustrator 26.0.3 (and earlier) is affected by a buffer overflow vulnerability caused by insecure handling of a crafted file, potentially enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open the crafted file). Affect...
CVE-2022-23195
Adobe Illustrator 25.4.3 and earlier, and 26.0.2 and earlier, are affected by an out-of-bounds read vulnerability (CVE-2022-23195) that could disclose memory and bypass ASLR; exploitation requires the user to open a crafted file. Affected platforms include macOS and Windows per APSB22-07. Remedia...
CVE-2022-23197
CVE-2022-23197 affects Adobe Illustrator 25.4.3 and earlier and 26.0.2 and earlier. It is an out-of-bounds read vulnerability that can disclose memory and potentially bypass mitigations such as ASLR; exploitation requires the victim to open a malicious file (user interaction). Public sources refe...
CVE-2022-38435
Adobe Illustrator CVE-2022-38435 relates to an Improper Input Validation vulnerability affecting Illustrator versions 26.4 and earlier and 25.4.7 and earlier. The issue can lead to arbitrary code execution in the context of the current user, and exploitation requires user interaction (opening a m...
CVE-2022-23194
CVE-2022-23194 affects Adobe Illustrator 25.4.3 and earlier and 26.0.2 and earlier. The issue is an out-of-bounds read that could disclose memory and bypass mitigations such as ASLR; exploitation requires the user to open a malicious file. Connected documents confirm related advisories (APSB22-07...
CVE-2022-23192
Adobe Illustrator versions 25.4.3 and earlier, and 26.0.2 and earlier, are vulnerable to an out-of-bounds read that could disclose memory and bypass ASLR. Exploitation requires user interaction (the victim must open a malicious file). The issue is documented as CVE-2022-23192. Connected sources c...
CVE-2022-23191
Adobe Illustrator 25.4.3 and earlier, and 26.0.2 and earlier, are affected by an out-of-bounds read vulnerability in Illustrator that could lead to disclosure of sensitive memory and bypass ASLR. Exploitation requires user interaction (victim must open a malicious file). Affected versions are add...
CVE-2022-23196
Adobe Illustrator CVE-2022-23196 describes an out-of-bounds read in versions 25.4.3 and earlier and 26.0.2 and earlier, enabling memory disclosure and potential ASLR bypass. Exploitation requires user interaction (open a malicious file). A fix is available via the APSB22-07 advisory; update to Il...
CVE-2022-23199
Adobe Illustrator CVE-2022-23199 is a Null pointer dereference affecting versions 25.4.3 and earlier and 26.0.2 and earlier, leading to a denial-of-service in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The issue is acknowledged in ...
CVE-2022-23186
CVE-2022-23186 affects Adobe Illustrator 25.4.3 and earlier and 26.0.2 and earlier. The issue is an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires the victim to open a crafted file (user interaction). In macOS, the APSB22-...
CVE-2022-23189
Adobe Illustrator <25.4.4 and
CVE-2022-23198
CVE-2022-23198 affects Adobe Illustrator versions 25.4.3 and earlier and 26.0.2 and earlier. The issue is a Null pointer dereference that can cause an application denial-of-service in the context of the current user. Exploitation requires the victim to open a malicious file (user interaction). Re...
CVE-2022-30647
Adobe Illustrator (Windows/macOS) is affected by a Use-After-Free vulnerability (CVE-2022-30647) that could allow arbitrary code execution in the context of the current user. Affected versions include 26.0.2 and earlier and 25.4.5 and earlier; exploitation requires user interaction through openin...
CVE-2022-30669
CVE-2022-30669 is an out-of-bounds read vulnerability in Adobe Illustrator versions 26.0.2 and earlier and 25.4.5 and earlier that could disclose memory and bypass ASLR. Exploitation requires a user to open a malicious file. The issue is part of the APSB22-26 advisory and is addressed by updates ...
CVE-2020-24415
Adobe Illustrator memory corruption vulnerability (CVE-2020-24415) affects Illustrator 24.1.2 and earlier, triggered by parsing a specially crafted SVG file. Successful exploitation could lead to arbitrary code execution in the current user’s context and requires user interaction. The issue is ad...
CVE-2022-30649
Adobe Illustrator 26.0.2 and earlier, and 25.4.5 and earlier, are affected by CVE-2022-30649—a vulnerability in an out-of-bounds write that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). The issue is docu...
CVE-2022-30667
CVE-2022-30667 is an out-of-bounds read vulnerability in Adobe Illustrator 26.0.2 and earlier and 25.4.5 and earlier that could disclose memory and potentially bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). The issue is documented in NVD and linked advisories...
CVE-2023-26426
Summary (CVE-2023-26426) : Adobe Illustrator versions 26.5.2 and earlier, and 27.2.0 and earlier, are affected by a Use-After-Free (UAF) vulnerability that can cause arbitrary code execution in the context of the current user. Exploitation requires user interaction (a victim must open a malicious...
CVE-2020-24409
CVE-2020-24409 affects Adobe Illustrator 24.2 and earlier, a PDF-parsing out-of-bounds read that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction. Affected products/versions are discussed in the APSB20-53 advisory; Adobe has released ...
CVE-2022-30646
Adobe Illustrator CVE-2022-30646 is a out-of-bounds write vulnerability affecting Illustrator 26.0.2 and earlier and 25.4.5 and earlier, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). The CVE is tracked...
CVE-2021-21105
Adobe Illustrator 25.2 (and earlier) contains a memory corruption vulnerability when parsing a specially crafted file, leading to remote code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file). Multiple connected advisories confirm...
CVE-2022-30666
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability (CVE-2022-30666) that could disclose sensitive memory. The issue is exploitable via a malicious file and could bypass ASLR; exploitation requires user interaction. The most...
CVE-2020-24412
Adobe Illustrator CVE-2020-24412 is a memory corruption vulnerability in Illustrator 24.1.2 and earlier triggered by parsing a specially crafted SVG file, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires user interaction. Connected sources co...
CVE-2022-30644
Adobe Illustrator (Windows/macOS) <= 26.0.2 and
CVE-2023-25859
Adobe Illustrator CVE-2023-25859 is an Improper Input Validation vulnerability affecting Illustrator 26.5.2 and 27.2.0 (and earlier) that could allow arbitrary code execution in the context of the current user when a user opens a malicious file. This relies on user interaction and is part of a se...
CVE-2009-4195
CVE-2009-4195 affects Adobe Illustrator CS4 (v14.0.0) and earlier CS3 versions (13.0.3 and earlier). The vulnerability arises from a buffer overflow in the Encapsulated PostScript (EPS) DSC comment parsing, allowing remote attackers to execute arbitrary code by supplying a crafted EPS file. Multi...
CVE-2022-30639
CVE-2022-30639 affects Adobe Illustrator 26.0.2 and earlier and 25.4.5 and earlier, with an out-of-bounds write in font parsing that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a crafted file. Vulnerable Windows/macOS lines exist...
CVE-2022-30648
Adobe Illustrator CVE-2022-30648 affects Illustrator 26.0.2 and earlier and 25.4.5 and earlier, via a Use-After-Free that could allow arbitrary code execution in the current user context. Exploitation requires the victim to open a malicious file. The connected docs reference APSB22-26 and indicat...
CVE-2022-30668
Adobe Illustrator is affected by CVE-2022-30668 (out-of-bounds read) in versions 26.0.2 and earlier and 25.4.5 and earlier, potentially exposing memory and bypassing ASLR. Exploitation requires the user to open a malicious file. Affected platforms include macOS and Windows; multiple related CVEs ...
CVE-2022-38410
CVE-2022-38410 affects Adobe Illustrator versions 26.4 and earlier, and 25.4.7 and earlier. The issue is an out-of-bounds read that can disclose sensitive memory and could enable bypassing mitigations like ASLR. Exploitation requires user interaction (victim must open a malicious file). Connected...
CVE-2021-21101
CVE-2021-21101 affects Adobe Illustrator 25.2 (and earlier) on Windows/macOS; it is an Out-of-bounds Write vulnerability when parsing a specially crafted file, enabling arbitrary code execution under the current user. Exploitation requires user interaction (victim opens a malicious file). Remedia...
CVE-2021-21053
CVE-2021-21053 affects Adobe Illustrator 25.1 and earlier. It is an out-of-bounds write vulnerability triggered while parsing a crafted file, allowing an unauthenticated attacker to achieve arbitrary code execution in the context of the user. Exploitation requires user interaction (the victim mus...
CVE-2022-30643
Adobe Illustrator CVE-2022-30643 affects Illustrator 26.0.2 and earlier and 25.4.5 and earlier, via an out-of-bounds write in font parsing that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). The...
CVE-2024-20798
Adobe Illustrator CVE-2024-20798 affects versions 28.3, 27.9.2 and earlier, due to an out-of-bounds read that can disclose memory and bypass ASLR. Exploitation requires opening a malicious file. The issue is addressed by the APSB24-25 update; remediation is to upgrade to non-affected versions (e....
CVE-2022-30642
Adobe Illustrator CVE-2022-30642 is an out-of-bounds write vulnerability in the font parsing path that can lead to remote code execution in the context of the current user. Affected versions include 26.0.2 and earlier and 25.4.5 and earlier; exploitation requires the user to open a malicious file...
CVE-2006-0525
CVE-2006-0525 affects multiple Adobe products (notably Photoshop CS2, Illustrator CS2, and Adobe Help Center) where a large number of .EXE and .DLL files are installed with write-access for the Everyone group. This local-privilege-escalation vulnerability allows bypassing protections via Trojan h...
CVE-2020-24413
Adobe Illustrator
CVE-2022-44500
Adobe Illustrator is affected by an out-of-bounds read vulnerability in versions 26.5.1 and earlier, and 27.0 and earlier, which could disclose memory and bypass ASLR. Exploitation requires user interaction (victim opens a malicious file). Affected platforms include Windows and macOS per linked a...
CVE-2021-21054
Adobe Illustrator CVE-2021-21054 is an Out-of-bounds Write vulnerability affecting Illustrator 25.1 and earlier. The issue occurs while parsing a crafted file and allows arbitrary code execution in the current user’s context. Exploitation requires user interaction (victim must open a malicious fi...
CVE-2021-28593
CVE-2021-28593 affects Adobe Illustrator 25.2.3 and earlier, with a Use-After-Free flaw triggered while parsing a specially crafted file. An unauthenticated attacker could disclose sensitive information in the context of the current user, and exploitation requires user interaction (victim opens a...
CVE-2022-30640
Adobe Illustrator CVE-2022-30640 describes an out-of-bounds write vulnerability in the font parsing code of Illustrator 26.0.2 and earlier, and 25.4.5 and earlier, which could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (a victim must ...
CVE-2022-30645
Adobe Illustrator CVE-2022-30645 affects Illustrator 26.0.2 and earlier and 25.4.5 and earlier, with an out-of-bounds write in SVG file parsing that could allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim opens a malicious file). Affected p...
CVE-2022-30641
CVE-2022-30641 affects Adobe Illustrator (SVG file parsing) with an out-of-bounds write that can lead to arbitrary code execution in the context of the current user. Root cause per the CVE: out-of-bounds write during SVG/Parse file handling; exploitation requires user interaction (victim opens a ...
CVE-2020-9570
Adobe Illustrator 2020 and earlier (Windows) are affected by CVE-2020-9570, a memory corruption vulnerability in Illustrator 24.0.2 and earlier that could allow arbitrary code execution. The issue is addressed by updating to Illustrator 24.1.2 (as noted in APSB20-20 and corroborated by Threatpost...
CVE-2021-21104
Adobe Illustrator 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file, allowing remote code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). This CVE-2021-21104 entry is ...