Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in earlier Adobe Illustrator releases. The flaw allows an attacker to overwrite the call stack and execute arbitrary code, gaining full control of the application as the current user. It is a classic memory corruption weakness classified as CWE‑121. The vulnerability is only exploitable when a user opens a crafted Illustrator file, requiring user interaction to trigger execution.

Affected Systems

Adobe Illustrator versions 29.8.4, 30.1 and all earlier releases are affected. The vulnerability does not affect other Adobe products or operating systems, and only the Illustrator product family is impacted.

Risk and Exploitability

The problem has a CVSS score of 7.8, indicating a high severity. Exploit probability is very low, with an Expected Score of less than 1 percent, and the vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. An attacker would need to convince (or trick) a victim to open a malicious file, after which the overflow would be triggered to gain code execution in the victim’s user context.

Generated by OpenCVE AI on April 16, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Illustrator to the latest security‑patched version (31.0 or later).
  • Restrict Illustrator from opening files from untrusted locations.
  • Educate users to verify the source of any file before opening it.

Generated by OpenCVE AI on April 16, 2026 at 09:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 11 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe illustrator
Vendors & Products Adobe
Adobe illustrator

Tue, 10 Mar 2026 23:15:00 +0000

Type Values Removed Values Added
Description Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Illustrator | Stack-based Buffer Overflow (CWE-121)
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Illustrator
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T13:08:15.780Z

Reserved: 2026-02-18T22:02:41.387Z

Link: CVE-2026-27267

cve-icon Vulnrichment

Updated: 2026-03-11T13:02:00.630Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T23:16:43.740

Modified: 2026-03-11T17:12:29.327

Link: CVE-2026-27267

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses