CVE-2022-23195
First published: Wed Feb 16 2022(Updated: )
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Illustrator | <=25.4.3 | |
| Adobe Illustrator | >=26.0.0<=26.0.2 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-23195?
CVE-2022-23195 is an out-of-bounds read vulnerability in Adobe Illustrator versions 25.4.3 and 26.0.2 that could lead to disclosure of sensitive memory.
How does CVE-2022-23195 affect Adobe Illustrator?
CVE-2022-23195 affects Adobe Illustrator versions 25.4.3 and 26.0.2 by allowing an attacker to bypass mitigations like ASLR and potentially access sensitive memory.
How can an attacker exploit CVE-2022-23195?
Exploitation of CVE-2022-23195 requires user interaction, such as opening a malicious file, that triggers the out-of-bounds read vulnerability in Adobe Illustrator.
What is the severity of CVE-2022-23195?
CVE-2022-23195 has a severity rating of 5.5 (medium).
Is there a fix for CVE-2022-23195?
Yes, Adobe has released a security update to address CVE-2022-23195. It is recommended to update to the latest version of Adobe Illustrator.
- collector/nvd-index
- vendor/adobe
- canonical/adobe illustrator
- version/adobe illustrator/25.4.3
- version/adobe illustrator/26.0.0
- version/adobe illustrator/26.0.2
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows