CVE-2022-23191: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability discovered in late 2021. The vulnerability, identified as CVE-2022-23191, was officially disclosed on February 8, 2022, and could potentially lead to the disclosure of sensitive memory information (CVE Mitre, Adobe Security).

The vulnerability is specifically a Memory Corruption issue that exists in the decoding of Macintosh Picture Image file (PCT) in Adobe Illustrator. The vulnerability manifests as an Out of Bounds Read memory access due to an improper bounds check within the 'MPS' plugin. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (Fortinet Research).

When successfully exploited, this vulnerability could lead to disclosure of sensitive memory information. Additionally, attackers could leverage this vulnerability to bypass security mitigations such as ASLR (Address Space Layout Randomization). The vulnerability affects both Windows and MacOS platforms (CVE Mitre).

Adobe has released security patches to address this vulnerability. Users are strongly advised to update their Adobe Illustrator installations to versions newer than 25.4.3 (for 2021 version) and 26.0.2 (for 2022 version). Additionally, Fortinet has released an IPS signature named Adobe.Illustrator.CVE-2022-23191.Memory.Corruption to protect their customers (Fortinet Research).