CVE-2022-23198NULL Pointer Dereference in Adobe Illustrator

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.7%
top 27.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Illustrator
Timeline
PublishedFeb 16
Latest updateFeb 17

Description

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/illustratorunspecified25.4.3+2
NVDadobe/illustrator26.0.026.0.2+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-93qp-m4m7-vjpw: Adobe Illustrator versions 252022-02-17
CVEList
Adobe Illustrator NULL Pointer Dereference Application denial-of-service2022-02-16
CVE-2022-23198 — NULL Pointer Dereference in Adobe | cvebase