Description
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL Pointer Dereference flaw in Adobe Illustrator causes the program to crash when processing a specially crafted file. The result is a denial‑of‑service that affects the availability of the application for the current user. The vulnerability does not provide privilege escalation or data exposure, but it can disrupt workflows in environments where Illustrator is critical.

Affected Systems

Adobe Illustrator versions 29.8.6, 30.3 and any earlier releases are affected. The vulnerability is tied to the core application and applies to all installations of those versions regardless of the operating system.

Risk and Exploitability

The CVSS score of 5.5 rates this flaw as Medium severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating that no widespread exploitation activity has been reported yet. Based on the description, the likely attack vector is a malicious .ai file that the user must open. The exploit path is therefore human‑targeted rather than purely automated, and success depends on the user’s willingness to open the file.

Generated by OpenCVE AI on May 12, 2026 at 20:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Illustrator update that corrects the NULL Pointer Dereference flaw.
  • Avoid opening questionable Illustrator files from unknown senders, and use quarantine or file‑type restrictions as a temporary defense.
  • Refer to Adobe’s security advisory for detail on the exact patch version and additional recommendations.


Advisories

No advisories yet.

History

Tue, 12 May 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe, Adobe illustrator, Apple, Apple macos, Microsoft, Microsoft windows
CPEs | | cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products | | Adobe, Adobe illustrator, Apple, Apple macos, Microsoft, Microsoft windows

Tue, 12 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Illustrator | NULL Pointer Dereference (CWE-476)
Weaknesses | | CWE-476
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T20:12:57.892Z

Reserved: 2026-03-30T17:30:36.493Z

Link: CVE-2026-34662

Vulnrichment

Updated: 2026-05-12T20:12:55.259Z

NVD

Status: Analyzed

Published: 2026-05-12T18:17:11.123

Modified: 2026-05-12T19:15:50.950

Link: CVE-2026-34662

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T03:30:05Z

Weaknesses