Description
Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Illustrator versions 29.8.6, 30.3 and earlier contain an out‑of‑bounds read flaw that can expose sensitive memory to a hostile user. The vulnerability is a classic CWE‑125 scenario, where reading beyond a buffer boundary can reveal confidential data. If exploited, an attacker could obtain private information from the victim’s system, potentially compromising user privacy and data integrity. The impact is limited to informational leakage, not outright code execution.

Affected Systems

Adobe’s Illustrator product, specifically versions 29.8.6, 30.3 and all earlier releases. No other Adobe suites are listed as affected.

Risk and Exploitability

The CVSS base score of 5.5 indicates moderate severity; the EPSS score is currently unavailable, giving no concrete estimate of real‑world exploitation likelihood. The vulnerability is not listed in CISA’s KEV catalog, suggesting no public exploits are known. Exploitation requires a victim to open a specially crafted file: user interaction is a prerequisite, and the attack vector is mainly a malicious file that the user must voluntarily open.

Generated by OpenCVE AI on May 12, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Illustrator patch that fixes the out‑of‑bounds read issue.
  • If unable to update immediately, verify the integrity of any file before opening and consider disabling automatic opening of Illustrator files from untrusted sources.
  • Stay alert for Adobe security advisories and apply future updates as they become available.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:15:00 +0000

Values Removed: (none listed)
Values Added:
  • First Time appeared: Adobe; Adobe illustrator; Apple; Apple macos; Microsoft; Microsoft windows
  • CPEs:
      cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
      cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • Vendors & Products: Adobe; Adobe illustrator; Apple; Apple macos; Microsoft; Microsoft windows
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 18:15:00 +0000

Values Removed: (none listed)
Values Added:
  • Description: Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
  • Title: Illustrator | Out-of-bounds Read (CWE-125)
  • Weaknesses: CWE-125
  • References:
  • Metrics (cvssV3_1): {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T18:32:23.679Z

Reserved: 2026-03-30T17:30:36.494Z

Link: CVE-2026-34663

Vulnrichment

Updated: 2026-05-12T18:32:02.128Z

NVD

Status: Analyzed

Published: 2026-05-12T18:17:11.253

Modified: 2026-05-12T19:13:59.580

Link: CVE-2026-34663

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T00:15:27Z
