Adobe Illustrator
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Illustrator.
Recent Adobe Illustrator Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB25-111 | Security Updates Available for Adobe Illustrator Mobile - IOS | APSB25-111 | November 11, 2025 |
| APSB25-109 | Security Updates Available for Adobe Illustrator | APSB25-109 | November 11, 2025 |
| APSB25-102 | Security Updates Available for Adobe Illustrator | APSB25-102 | October 14, 2025 |
| APSB25-74 | Security Updates Available for Adobe Illustrator | APSB25-74 | August 12, 2025 |
| APSB25-65 | Security Updates Available for Adobe Illustrator | APSB25-65 | July 8, 2025 |
| APSB25-43 | Security Updates Available for Adobe Illustrator | APSB25-43 | May 13, 2025 |
| APSB25-17 | Security Updates Available for Adobe Illustrator | APSB25-17 | March 11, 2025 |
| APSB25-11 | Security Updates Available for Adobe Illustrator | APSB25-11 | February 11, 2025 |
| APSB25-04 | Security Updates Available for Adobe Illustrator Mobile - IOS | APSB25-04 | January 14, 2025 |
| APSB24-94 | Security Updates Available for Adobe Illustrator | APSB24-94 | December 10, 2024 |
By the Year
In 2025 there have been 35 vulnerabilities in Adobe Illustrator with an average score of 7.3 out of ten. Last year, in 2024 Illustrator had 31 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.70.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 35 | 7.27 |
| 2024 | 31 | 6.57 |
| 2023 | 7 | 7.47 |
It may take a day or so for new Illustrator vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Illustrator Security Vulnerabilities
Illustrator iPad <3.0.9 OOB Write Arbitrary Code Exec
CVE-2025-61828
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator iPad 3.0.9 HeapBased Buffer Overflow
CVE-2025-61827
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe Illustrator iPad <3.0.9 Integer Underflow causing arbitrary code execution
CVE-2025-61826
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Int Underflow in Illustrator on iPad <3.0.9 Allows Code Exec
CVE-2025-61836
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Heap BF in Adobe Illustrator for iPad 3.0.9 (CVE-2025-61829)
CVE-2025-61829
7.8 - High
- November 11, 2025
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Out-of-Bounds Write in Adobe Illustrator 29.8.2 Enables AOE via Malicious File
CVE-2025-61831
7.8 - High
- November 11, 2025
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator <=29.8.2 Heap Buffer Overflow in Document Processor
CVE-2025-61820
7.8 - High
- November 11, 2025
Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe Illustrator <29.7/28.7.9 OOB Write Arbitrary Code Exec
CVE-2025-54283
7.8 - High
- October 14, 2025
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator 29.7 OOB Write Arbitrary Code Exec (CVE-2025-54284)
CVE-2025-54284
7.8 - High
- October 14, 2025
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator OOBW v28.7.8, 29.6.1 (Adobe)
CVE-2025-49563
7.8 - High
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator <29.6.1 Stack Buffer Overflow RCE
CVE-2025-49564
7.8 - High
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
DoS via NULL Pointer Dereference in Adobe Illustrator 28.7.8-29.6.1
CVE-2025-49567
5.5 - Medium
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator UAF 28.7.8/29.6.1 – Sensitive Data Disclosure
CVE-2025-49568
5.5 - Medium
- August 12, 2025
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator <29.5.1 Integer Underflow CVE-2025-49532
CVE-2025-49532
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator OOB Write CVE-2025-49526 (before 29.5.1)
CVE-2025-49526
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator 28.7.6/29.5.1 Buffer Overflow (CVE-2025-49527)
CVE-2025-49527
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Adobe Illustrator 28.7.6, 29.5.1 Buffer Overflow CVE-2025-49528
CVE-2025-49528
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Stack Overflow
Adobe Illustrator AAUP Vulnerability in v28.7.6-29.5.1 (Arbitrary Code Exec)
CVE-2025-49529
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Adobe Illustrator OOB write CVE-2025-49530 before 29.5.1
CVE-2025-49530
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator <29.5.1 Integer Overflow CVE-2025-49531
CVE-2025-49531
7.8 - High
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Adobe Illustrator OOB Read CVE-2025-30313 Before 29.5.1
CVE-2025-30313
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator NULL Pointer Dereference (DoS) – before 29.5.2
CVE-2025-49524
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator 28.x/29.x OOB Read: Memory Disclosure (CVE-2025-49525)
CVE-2025-49525
5.5 - Medium
- July 08, 2025
Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator Heap BOV 29.3/28.7.5 – Arbitrary Code Exec
CVE-2025-30330
7.8 - High
- May 13, 2025
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
NULL Pointer Deref causing DOS in Adobe Illustrator < 29.2.1
CVE-2025-27170
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator OOB Read Disclosure v<29.2.1 – ASLR Bypass
CVE-2025-24449
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator <=29.2.1: OOB Read memory disclosure (CVE-2025-24448)
CVE-2025-24448
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator OOB write in 29.2.1 & earlier — Arbitrary Code Exec
CVE-2025-27169
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator <29.3 Stack-Based Buffer Overflow
CVE-2025-27168
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator 29.2.1/28.7.4: Untrusted Search Path (CVE-2025-27167)
CVE-2025-27167
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
Untrusted Path
Illustrator Buffer Overflow (<=28.7.3) Enables Local Code Exec
CVE-2025-21163
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Int Underflow CVE-2025-21160 before 29.1 leads to code exec
CVE-2025-21160
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator <=28.7.3 Use-After-Free: Arbitrary Code Exec.
CVE-2025-21159
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
IllustratoriPad <3.0.7 Integer Underflow for Arbitrary Code Exec
CVE-2025-21134
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator iPad <3.0.7 Integer Underflow leading to arbitrary code
CVE-2025-21133
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-49541
5.5 - Medium
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-49538
7.8 - High
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-45114
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Heap-based Buffer Overflow Vulnerability
CVE-2024-47450
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-47451
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-47452
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47453
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in Memory Handling
CVE-2024-47454
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47455
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47456
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator NULL Pointer Dereference Vulnerability
CVE-2024-47457
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator NULL ptr deref in v28.6/27.9.5 causes DoS
CVE-2024-43759
5.5 - Medium
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator < 28.6 Integer Underflow (CVE-2024-41857)
CVE-2024-41857
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Illustrator 28.6/27.9.5 Integer Overflow Arbitrary Code Exec
CVE-2024-34121
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Adobe Illustrator UAF CVE-2024-43758 (before v28.6) Arbitrary Code Exec
CVE-2024-43758
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Illustrator or by Adobe? Click the Watch button to subscribe.
