CVE-2023-47075: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that was disclosed on December 13, 2023. The vulnerability, tracked as CVE-2023-47075, could result in arbitrary code execution in the context of the current user. This security flaw affects both Windows and macOS operating systems (NVD, CVE).

The vulnerability specifically exists within the parsing of JP2 files and results from the lack of validating the existence of an object prior to performing operations on the object. The issue has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (ZDI, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user, potentially allowing an attacker to take control of the affected system (ZDI).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Illustrator (Adobe Advisory).