Severity

Medium

Analysis Summary

CVE-2022-23188 

Adobe Illustrator is vulnerable to a buffer overflow. By persuading a victim to open a specially-crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2022-23199; CVE-2022-23198

Adobe Illustrator is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

 CVE-2022-23197 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23196 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23195 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23194 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23193 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23192 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23191 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2022-23189 

Adobe Illustrator is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-23186 

Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-23190 

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.

Impact

• Buffer Overflow
• Denial of Service
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2022-23188
• CVE-2022-23199
• CVE-2022-23197
• CVE-2022-23196
• CVE-2022-23195
• CVE-2022-23194
• CVE-2022-23193
• CVE-2022-23192
• CVE-2022-23191
• CVE-2022-23189
• CVE-2022-23190

Affected Vendors

Adobe

Affected Products

• Adobe Illustrator 2021 25.4.3
• Adobe Illustrator 2022 26.0.2

Remediation

Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.