First published: Thu Sep 07 2023(Updated: )
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Illustrator | <=25.4.5 | |
Adobe Illustrator | >=26.0<=26.0.2 | |
Apple macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-30644.
Adobe Illustrator versions 26.0.2 and earlier, as well as 25.4.5 and earlier, are affected.
This vulnerability could result in arbitrary code execution in the context of the current user.
Exploitation of this vulnerability requires user interaction, where a victim must open a malicious file.
No, Apple macOS and Microsoft Windows are not vulnerable to this specific vulnerability.
The severity of CVE-2022-30644 is high, with a CVSS score of 7.8.
To fix this vulnerability, update Adobe Illustrator to a version that is not affected.
You can find more information about this vulnerability on the Adobe security bulletin page: https://helpx.adobe.com/security/products/illustrator/apsb22-26.html