Adobe Illustrator
Recent Adobe Illustrator Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-18 | Security Updates Available for Adobe Illustrator | March 10, 2026 |
| APSB26-03 | Security Updates Available for Adobe Illustrator | January 13, 2026 |
| APSB25-111 | Security Updates Available for Adobe Illustrator Mobile - IOS | November 11, 2025 |
| APSB25-109 | Security Updates Available for Adobe Illustrator | November 11, 2025 |
| APSB25-102 | Security Updates Available for Adobe Illustrator | October 14, 2025 |
| APSB25-74 | Security Updates Available for Adobe Illustrator | August 12, 2025 |
| APSB25-65 | Security Updates Available for Adobe Illustrator | July 8, 2025 |
| APSB25-43 | Security Updates Available for Adobe Illustrator | May 13, 2025 |
| APSB25-17 | Security Updates Available for Adobe Illustrator | March 11, 2025 |
| APSB25-11 | Security Updates Available for Adobe Illustrator | February 11, 2025 |
By the Year
In 2026 there have been 9 vulnerabilities in Adobe Illustrator, with an average score of 7.2 out of ten. Last year, in 2025, Illustrator had 35 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Illustrator in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.06.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 7.21 |
| 2025 | 35 | 7.27 |
| 2024 | 31 | 6.57 |
| 2023 | 18 | 7.67 |
| 2022 | 13 | 6.38 |
| 2021 | 4 | 7.68 |
| 2020 | 10 | 0.00 |
| 2019 | 3 | 0.00 |
It may take a day or so for new Illustrator vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Illustrator Security Vulnerabilities
Adobe Illustrator OOB Read 29.8.4-30.1 Exposes Memory
CVE-2026-27270
5.5 - Medium
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Heap-based Buffer Overflow in Adobe Illustrator 29.8.4-30.1 Allowing Arbitrary Code Exec
CVE-2026-27271
7.8 - High
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe Illustrator Untrusted Search Path (USP) in v29.8.4/30.1 (Pre-30.2)
CVE-2026-21333
8.6 - High
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Untrusted Path
Illustrator <30.2 OOB Read Vulnerability (CVE-2026-27268)
CVE-2026-27268
5.5 - Medium
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator <=30.1 OOB Write Arbitrary Exec in Malicious File
CVE-2026-27272
7.8 - High
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator OOB write <=30.1 leads to arbitrary code execution
CVE-2026-21362
7.8 - High
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator <=30.1 Stack-Based Buffer Overflow
CVE-2026-27267
7.8 - High
- March 10, 2026
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Illustrator <30.0 Untrusted Search Path => code exec
CVE-2026-21280
8.6 - High
- January 13, 2026
Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Untrusted Path
Adobe Illustrator <=30.0 NULL Pointer Deref DoS
CVE-2026-21288
5.5 - Medium
- January 13, 2026
Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator iPad <3.0.9 OOB Write Arbitrary Code Exec
CVE-2025-61828
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator iPad 3.0.9 Heap-Based Buffer Overflow
CVE-2025-61827
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe Illustrator iPad <3.0.9 Integer Underflow causing arbitrary code execution
CVE-2025-61826
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Int Underflow in Illustrator on iPad <3.0.9 Allows Code Exec
CVE-2025-61836
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Heap BF in Adobe Illustrator for iPad 3.0.9 (CVE-2025-61829)
CVE-2025-61829
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Out-of-Bounds Write in Adobe Illustrator 29.8.2 Enables AOE via Malicious File
CVE-2025-61831
7.8 - High
- November 11, 2025
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator <=29.8.2 Heap Buffer Overflow in Document Processor
CVE-2025-61820
7.8 - High
- November 11, 2025
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe Illustrator <29.7/28.7.9 OOB Write Arbitrary Code Exec
CVE-2025-54283
7.8 - High
- October 14, 2025
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator 29.7 OOB Write Arbitrary Code Exec (CVE-2025-54284)
CVE-2025-54284
7.8 - High
- October 14, 2025
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator <29.6.1 Stack Buffer Overflow RCE
CVE-2025-49564
7.8 - High
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
DoS via NULL Pointer Dereference in Adobe Illustrator 28.7.8-29.6.1
CVE-2025-49567
5.5 - Medium
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator UAF 28.7.8/29.6.1 – Sensitive Data Disclosure
CVE-2025-49568
5.5 - Medium
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator OOBW v28.7.8, 29.6.1 (Adobe)
CVE-2025-49563
7.8 - High
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator 28.x/29.x OOB Read: Memory Disclosure (CVE-2025-49525)
CVE-2025-49525
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator NULL Pointer Dereference (DoS) – before 29.5.2
CVE-2025-49524
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator OOB Read CVE-2025-30313 Before 29.5.1
CVE-2025-30313
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator <29.5.1 Integer Underflow CVE-2025-49532
CVE-2025-49532
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator <29.5.1 Integer Overflow CVE-2025-49531
CVE-2025-49531
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Adobe Illustrator OOB write CVE-2025-49530 before 29.5.1
CVE-2025-49530
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator AAUP Vulnerability in v28.7.6-29.5.1 (Arbitrary Code Exec)
CVE-2025-49529
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe Illustrator 28.7.6, 29.5.1 Buffer Overflow CVE-2025-49528
CVE-2025-49528
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Illustrator 28.7.6/29.5.1 Buffer Overflow (CVE-2025-49527)
CVE-2025-49527
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Adobe Illustrator OOB Write CVE-2025-49526 (before 29.5.1)
CVE-2025-49526
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator Heap BOV 29.3/28.7.5 – Arbitrary Code Exec
CVE-2025-30330
7.8 - High
- May 13, 2025
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
NULL Pointer Deref causing DOS in Adobe Illustrator < 29.2.1
CVE-2025-27170
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator OOB Read Disclosure v<29.2.1 – ASLR Bypass
CVE-2025-24449
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator <=29.2.1: OOB Read memory disclosure (CVE-2025-24448)
CVE-2025-24448
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator OOB write in 29.2.1 & earlier — Arbitrary Code Exec
CVE-2025-27169
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator <29.3 Stack-Based Buffer Overflow
CVE-2025-27168
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator 29.2.1/28.7.4: Untrusted Search Path (CVE-2025-27167)
CVE-2025-27167
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
Untrusted Path
Adobe Illustrator Int Underflow CVE-2025-21160 before 29.1 leads to code exec
CVE-2025-21160
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Illustrator Buffer Overflow (<=28.7.3) Enables Local Code Exec
CVE-2025-21163
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator <=28.7.3 Use-After-Free: Arbitrary Code Exec.
CVE-2025-21159
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator iPad <3.0.7 Integer Underflow for Arbitrary Code Exec
CVE-2025-21134
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator iPad <3.0.7 Integer Underflow leading to arbitrary code
CVE-2025-21133
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-49541
5.5 - Medium
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-49538
7.8 - High
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47456
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in Memory Handling
CVE-2024-47454
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator NULL Pointer Dereference Vulnerability
CVE-2024-47457
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-47452
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption