CVE-2022-23187: Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution
First published: Fri Mar 11 2022(Updated: )
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Illustrator | >=25.0<25.4.5 | |
| Adobe Illustrator | >=26.0<26.1.0 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Illustrator vulnerability?
The vulnerability ID for this Adobe Illustrator vulnerability is CVE-2022-23187.
What is the severity of CVE-2022-23187?
CVE-2022-23187 has a severity rating of 7.8 (critical).
What is the affected software for this vulnerability?
The affected software for CVE-2022-23187 is Adobe Illustrator version 26.0.3 (and earlier).
What is the potential impact of CVE-2022-23187?
CVE-2022-23187 can potentially result in arbitrary code execution in the context of the current user.
How can CVE-2022-23187 be exploited?
CVE-2022-23187 requires user interaction in that a victim must open a crafted file.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/adobe
- canonical/adobe illustrator
- version/adobe illustrator/25.0
- version/adobe illustrator/26.0
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows