CVE-2022-30641: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability identified as CVE-2022-30641. The vulnerability was discovered and reported on February 4, 2022, and Adobe released a security update on June 14, 2022. This security flaw affects Adobe Illustrator installations on both Windows and macOS operating systems (NVD, Adobe Security).

The vulnerability is classified as an out-of-bounds write (CWE-787) that specifically occurs during the parsing of SVG images. The issue allows for writing data past the end of an allocated buffer when processing crafted SVG files. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, Adobe Security).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could potentially gain the same rights and access as the compromised user account (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Illustrator. The fix was included in the security bulletin APSB22-26 (Adobe Security).