Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory exposure via out-of-bounds read
Action: Apply Patch
AI Analysis

Impact

Adobe Illustrator versions 29.8.4, 30.1 and earlier contain an out-of-bounds read vulnerability (CWE-125) that can expose the contents of memory. An attacker who convinces a user to open a malicious file can read sensitive data stored in the victim’s process memory. The flaw manifests as an improper bounds check when processing certain file elements.

Affected Systems

The affected product is Adobe Illustrator on Windows. Specific vulnerable releases are version 29.8.4, 30.1, and all earlier iterations. No other Adobe or Microsoft Windows products are impacted according to the provided data.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low probability of exploitation in the wild. The vulnerability is not present in CISA’s KEV catalog. Because exploitation requires the user to open a malicious file, the threat is limited to environments where users may view unsolicited files, and no remote or unattended exploitation is feasible.

Generated by OpenCVE AI on April 16, 2026 at 03:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Illustrator security update as per the Adobe Security Bulletin.
  • Update Illustrator to the most recent version (29.8.5 or later; 30.2 or later) to close the vulnerability.
  • Restrict users from opening unknown or untrusted files or implement a file scanning solution before opening files in Illustrator.

Generated by OpenCVE AI on April 16, 2026 at 03:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 11 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe illustrator
Vendors & Products Adobe
Adobe illustrator

Tue, 10 Mar 2026 23:15:00 +0000

Type Values Removed Values Added
Description Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Illustrator | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Illustrator
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T13:08:14.877Z

Reserved: 2026-02-18T22:02:41.387Z

Link: CVE-2026-27270

cve-icon Vulnrichment

Updated: 2026-03-11T13:01:50.230Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T23:16:44.073

Modified: 2026-03-11T17:12:03.567

Link: CVE-2026-27270

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:15:22Z

Weaknesses