
Cloud Vulnerability DB
A community-led vulnerabilities database
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability (CVE-2022-30666) that was discovered in early 2022. The vulnerability was officially disclosed on June 14, 2022, when Adobe released a security patch (Adobe Security, NVD).
The vulnerability exists in the decoding of CorelDraw Drawing 'CDR' files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an out-of-bounds memory access due to an improper bounds check. The vulnerability has been assigned a CVSS score that indicates local access is required with user interaction (Fortinet Labs).
Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak. This could allow attackers to bypass mitigations such as ASLR (Address Space Layout Randomization). The vulnerability affects both Windows and MacOS platforms (Fortinet Labs).
Adobe has released security patches to address this vulnerability. Users of Adobe Illustrator 2022 (version 26.0.2 and earlier) and Adobe Illustrator 2021 (version 25.4.5 and earlier) should apply the latest security updates (Adobe Security).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."