Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Technical ContextAI
An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Write (CWE-787).
RemediationAI
Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
More in Illustrator
View allAdobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to e
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption)
Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in t
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially c
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially c
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially c
Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially craf
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20740