Illustrator Adobe Illustrator

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Adobe Illustrator.

Recent Adobe Illustrator Security Advisories

Advisory Title Published
APSB25-43 Security Updates Available for Adobe Illustrator | APSB25-43 May 13, 2025
APSB25-17 Security Updates Available for Adobe Illustrator | APSB25-17 March 11, 2025
APSB25-11 Security Updates Available for Adobe Illustrator | APSB25-11 February 11, 2025
APSB25-04 Security Updates Available for Adobe Illustrator Mobile - IOS | APSB25-04 January 14, 2025
APSB24-94 Security Updates Available for Adobe Illustrator | APSB24-94 December 10, 2024
APSB24-87 Security Updates Available for Adobe Illustrator | APSB24-66 APSB24-87 November 12, 2024
APSB24-66 Security Updates Available for Adobe Illustrator | APSB24-66 September 10, 2024
APSB24-45 Security Updates Available for Adobe Illustrator | APSB24-45 August 14, 2024
APSB24-30 Security Updates Available for Adobe Illustrator | APSB24-30 May 14, 2024
APSB24-25 Security Updates Available for Adobe Illustrator | APSB24-25 April 9, 2024

By the Year

In 2025 there have been 12 vulnerabilities in Adobe Illustrator with an average score of 7.2 out of ten. Last year, in 2024 Illustrator had 31 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.65.

Year Vulnerabilities Average Score
2025 12 7.23
2024 31 6.57
2023 4 7.23
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Illustrator vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Illustrator Security Vulnerabilities

Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2025-30330 7.8 - High - May 13, 2025

Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2025-27170 5.5 - Medium - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2025-24449 5.5 - Medium - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2025-24448 5.5 - Medium - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability

CVE-2025-27169 7.8 - High - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability

CVE-2025-27168 7.8 - High - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability

CVE-2025-27167 7.8 - High - March 11, 2025

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

Untrusted Path

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability

CVE-2025-21159 7.8 - High - February 11, 2025

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21160 7.8 - High - February 11, 2025

Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability

CVE-2025-21163 7.8 - High - February 11, 2025

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21134 7.8 - High - January 14, 2025

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2025-21133 7.8 - High - January 14, 2025

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing

CVE-2024-49541 5.5 - Medium - December 10, 2024

Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Illustrator Out-of-Bounds Write Vulnerability

CVE-2024-49538 7.8 - High - December 10, 2024

Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing

CVE-2024-47455 5.5 - Medium - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Illustrator NULL Pointer Dereference Vulnerability

CVE-2024-47457 5.5 - Medium - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing

CVE-2024-47456 5.5 - Medium - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Illustrator Out-of-Bounds Read Vulnerability in Memory Handling

CVE-2024-47454 5.5 - Medium - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing

CVE-2024-47453 5.5 - Medium - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Illustrator Out-of-Bounds Write Vulnerability

CVE-2024-47452 7.8 - High - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Illustrator Heap-based Buffer Overflow Vulnerability

CVE-2024-47450 7.8 - High - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Illustrator Out-of-Bounds Write Vulnerability

CVE-2024-45114 7.8 - High - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Illustrator Out-of-Bounds Write Vulnerability

CVE-2024-47451 7.8 - High - November 12, 2024

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability

CVE-2024-43758 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2024-41857 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability

CVE-2024-34121 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-45111 5.5 - Medium - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-43759 5.5 - Medium - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-34133 7.8 - High - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-34118 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-34134 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-34135 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-41856 7.8 - High - August 14, 2024

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34138 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34137 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34136 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file

CVE-2024-20791 7.8 - High - May 16, 2024

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20793 5.5 - Medium - May 16, 2024

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability

CVE-2024-20792 7.8 - High - May 16, 2024

Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-30272 7.8 - High - April 11, 2024

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-30271 7.8 - High - April 11, 2024

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability

CVE-2024-30273 - April 11, 2024

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-20798 5.5 - Medium - April 11, 2024

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability

CVE-2023-26426 7.8 - High - March 22, 2023

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability

CVE-2023-25860 7.8 - High - March 22, 2023

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability

CVE-2023-25861 7.8 - High - March 22, 2023

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability

CVE-2023-25862 5.5 - Medium - March 22, 2023

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Adobe Illustrator or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

subscribe