
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-23192 is a Memory Corruption vulnerability discovered in Adobe Illustrator that affects Adobe Illustrator 2022 (versions 26.0.2 and earlier) and Adobe Illustrator 2021 (versions 25.4.3 and earlier). The vulnerability was discovered by Fortinet security researchers and was publicly disclosed on February 8, 2022, when Adobe released security patches to address the issue. The vulnerability received a CVSS score of 5.5, categorizing it as Important (Adobe Security, Fortinet Research).
The vulnerability exists in the decoding of Adobe Illustrator Artwork (AI) files and is characterized as an out-of-bounds memory access vulnerability caused by improper bounds checking. The technical classification falls under Access of Memory Location After End of Buffer (CWE-788). The vulnerability received a CVSS score of 5.5 with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A (Adobe Security, Fortinet Research).
When exploited, this vulnerability can lead to unintended memory reads, potentially resulting in the disclosure of sensitive memory data. The attack can be executed through a specially crafted AI file, which could lead to memory data leaks (Fortinet Research).
Adobe has released security patches to address this vulnerability. Users are strongly advised to update their Adobe Illustrator installations to the latest version. The vulnerability affects both Windows and MacOS platforms, and users of Adobe Illustrator 2022 (versions 26.0.2 and earlier) and Adobe Illustrator 2021 (versions 25.4.3 and earlier) should apply the patches as soon as possible (Fortinet Research).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."