Adobe Illustrator
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Illustrator.
Recent Adobe Illustrator Security Advisories
Advisory | Title | Published |
---|---|---|
APSB25-43 | Security Updates Available for Adobe Illustrator | APSB25-43 | May 13, 2025 |
APSB25-17 | Security Updates Available for Adobe Illustrator | APSB25-17 | March 11, 2025 |
APSB25-11 | Security Updates Available for Adobe Illustrator | APSB25-11 | February 11, 2025 |
APSB25-04 | Security Updates Available for Adobe Illustrator Mobile - IOS | APSB25-04 | January 14, 2025 |
APSB24-94 | Security Updates Available for Adobe Illustrator | APSB24-94 | December 10, 2024 |
APSB24-87 | Security Updates Available for Adobe Illustrator | APSB24-66 APSB24-87 | November 12, 2024 |
APSB24-66 | Security Updates Available for Adobe Illustrator | APSB24-66 | September 10, 2024 |
APSB24-45 | Security Updates Available for Adobe Illustrator | APSB24-45 | August 14, 2024 |
APSB24-30 | Security Updates Available for Adobe Illustrator | APSB24-30 | May 14, 2024 |
APSB24-25 | Security Updates Available for Adobe Illustrator | APSB24-25 | April 9, 2024 |
By the Year
In 2025 there have been 12 vulnerabilities in Adobe Illustrator with an average score of 7.2 out of ten. Last year, in 2024 Illustrator had 31 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.65.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 12 | 7.23 |
2024 | 31 | 6.57 |
2023 | 4 | 7.23 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Illustrator vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Illustrator Security Vulnerabilities
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability
CVE-2025-30330
7.8 - High
- May 13, 2025
Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2025-27170
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2025-24449
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2025-24448
5.5 - Medium
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability
CVE-2025-27169
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability
CVE-2025-27168
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability
CVE-2025-27167
7.8 - High
- March 11, 2025
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
Untrusted Path
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability
CVE-2025-21159
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability
CVE-2025-21160
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability
CVE-2025-21163
7.8 - High
- February 11, 2025
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability
CVE-2025-21134
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability
CVE-2025-21133
7.8 - High
- January 14, 2025
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-49541
5.5 - Medium
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-49538
7.8 - High
- December 10, 2024
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47455
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator NULL Pointer Dereference Vulnerability
CVE-2024-47457
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47456
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in Memory Handling
CVE-2024-47454
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Read Vulnerability in File Parsing
CVE-2024-47453
5.5 - Medium
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-47452
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Heap-based Buffer Overflow Vulnerability
CVE-2024-47450
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-45114
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Illustrator Out-of-Bounds Write Vulnerability
CVE-2024-47451
7.8 - High
- November 12, 2024
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability
CVE-2024-43758
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability
CVE-2024-41857
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability
CVE-2024-34121
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-45111
5.5 - Medium
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-43759
5.5 - Medium
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-34133
7.8 - High
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability
CVE-2024-34118
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper Input Validation
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-34134
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-34135
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability
CVE-2024-41856
7.8 - High
- August 14, 2024
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper Input Validation
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34138
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34137
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34136
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file
CVE-2024-20791
7.8 - High
- May 16, 2024
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-20793
5.5 - Medium
- May 16, 2024
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability
CVE-2024-20792
7.8 - High
- May 16, 2024
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-30272
7.8 - High
- April 11, 2024
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-30271
7.8 - High
- April 11, 2024
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability
CVE-2024-30273
- April 11, 2024
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-20798
5.5 - Medium
- April 11, 2024
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability
CVE-2023-26426
7.8 - High
- March 22, 2023
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability
CVE-2023-25860
7.8 - High
- March 22, 2023
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability
CVE-2023-25861
7.8 - High
- March 22, 2023
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability
CVE-2023-25862
5.5 - Medium
- March 22, 2023
Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Illustrator or by Adobe? Click the Watch button to subscribe.
