CVE-2022-23188: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability identified as CVE-2022-23188. The vulnerability was discovered in late 2021 and publicly disclosed on February 8, 2022. The issue exists in the Adobe Illustrator 'MPS' plugin and affects both Windows and MacOS platforms (Adobe Advisory, Fortinet Research).

The vulnerability is caused by a malformed Macintosh Picture Image file (PCT) file, which triggers an Out of Bounds Write memory access due to improper bounds check when manipulating a pointer to an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The weakness has been classified as CWE-120: Buffer Copy without Checking Size of Input (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a crafted malicious file in Illustrator (CVE).

Adobe has released security patches to address this vulnerability. Users are strongly advised to update their Adobe Illustrator installations to versions newer than 25.4.3 (for 2021 release) or 26.0.2 (for 2022 release). The patches were released as part of Adobe's February 2022 security updates (Adobe Advisory).

The vulnerability was discovered by Fortinet security researchers Kushal Arvind Shah and Yonghui Han, who reported it to Adobe along with several other vulnerabilities. Security researchers have emphasized the importance of applying the patches promptly due to the severity of the vulnerability (Fortinet Research).