CVE-2021-43752: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) were affected by an out-of-bounds read vulnerability identified as CVE-2021-43752. The vulnerability was disclosed on January 11, 2022, and required user interaction through opening a malicious file to be exploited (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. It received varying CVSS scores, with the NVD assigning a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, while Adobe Systems assigned a lower score of 3.3 (LOW) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD).

The vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (NVD).

Adobe addressed this vulnerability in an update released through their security bulletin APSB22-02. Users should update to versions newer than 25.4.2 or 26.0.1 of Adobe Illustrator (Adobe Advisory).