CVE-2024-47457: 
Adobe Illustrator vulnerability analysis and mitigation

A NULL Pointer Dereference vulnerability (CVE-2024-47457) was discovered in Adobe Illustrator versions 28.7.1 and earlier. The vulnerability was disclosed on November 12, 2024, affecting both Windows and macOS operating systems (NVD, Adobe Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L) with low attack complexity (AC:L), requiring user interaction (UI:R) but no privileges (PR:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD).

If exploited, this vulnerability could result in an application denial-of-service condition. The successful exploitation would cause the application to crash, potentially leading to loss of unsaved work and temporary service disruption (NVD).

Adobe has addressed this vulnerability in version 28.7.2 of Illustrator. Users are advised to update their software to the latest version. The risk is rated as HIGH for large and medium business entities, MEDIUM for small business entities, and LOW for home users (CIS Advisory).