CVE-2022-38436

Name of the Vulnerable Software and Affected Versions Adobe Illustrator versions 26.4 and earlier Adobe Illustrator versions 25.4.7 and earlier

Description The issue is related to an out-of-bounds read when parsing a crafted file, potentially allowing an attacker to execute code in the context of the current user. This requires user interaction, such as opening a malicious file. The vulnerability is associated with a buffer read beyond allocated memory, which could be leveraged for remote code execution.

Recommendations For Adobe Illustrator versions 26.4 and earlier, update to a version later than 26.4 to resolve the issue. For Adobe Illustrator versions 25.4.7 and earlier, update to a version later than 25.4.7 to resolve the issue. As a temporary workaround, consider avoiding the opening of files from untrusted sources to minimize the risk of exploitation.