{"containers": {"cna": {"affected": [{"product": "Illustrator", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "26.0.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-03-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "Buffer Overflow (CWE-120)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-11T17:54:31.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2022-03-08T23:00:00.000Z", "ID": "CVE-2022-23187", "STATE": "PUBLIC", "TITLE": "Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Illustrator", "version": {"version_data": [{"version_affected": "<=", "version_value": "26.0.3"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator."}]}, "impact": {"cvss": {"attackComplexity": "Low", "attackVector": "Local", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow (CWE-120)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.194Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:13:20.129557Z", "id": "CVE-2022-23187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:54:59.631Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2022-23187", "datePublished": "2022-03-11T17:54:31.722Z", "dateReserved": "2022-01-12T00:00:00.000Z", "dateUpdated": "2025-04-23T18:54:59.631Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.194Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:13:20.129557Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:13:21.617Z"}}], "cna": {"title": "Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "Illustrator", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "26.0.3"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2022-03-08T00:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow (CWE-120)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2022-03-11T17:54:31.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "Unchanged", "version": "3.1", "baseScore": 7.8, "attackVector": "Local", "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "High", "userInteraction": "Required", "attackComplexity": "Low", "availabilityImpact": "High", "privilegesRequired": "None", "confidentialityImpact": "High"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "26.0.3", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}, {"version_value": "None", "version_affected": "<="}]}, "product_name": "Illustrator"}]}, "vendor_name": "Adobe"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", "name": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow (CWE-120)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-23187", "STATE": "PUBLIC", "TITLE": "Adobe Illustrator 2022 Buffer Overflow could lead to Arbitrary code execution", "ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2022-03-08T23:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-23187", "state": "PUBLISHED", "dateUpdated": "2025-04-23T18:54:59.631Z", "dateReserved": "2022-01-12T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2022-03-11T17:54:31.722Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AC5D6D1-803A-4E72-B764-55AAC046A457", "versionEndExcluding": "25.4.5", "versionStartIncluding": "25.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BAC6540-C7B3-4DC1-BC56-F21693BA3A3B", "versionEndExcluding": "26.1.0", "versionStartIncluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator."}, {"lang": "es", "value": "Adobe Illustrator versi\u00f3n 26.0.3 (y anteriores), est\u00e1 afectada por una vulnerabilidad de desbordamiento de b\u00fafer debido a un manejo no seguro de un archivo dise\u00f1ado, que puede resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo dise\u00f1ado en Illustrator"}], "id": "CVE-2022-23187", "lastModified": "2024-11-21T06:48:09.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-11T18:15:30.887", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-15.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "psirt@adobe.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}