Vulnerability Details : CVE-2022-44498

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published 2022-12-16 16:15:25

Updated 2022-12-21 17:46:23

Source Adobe Systems Incorporated

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-44498

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-44498

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	psirt@adobe.com
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-44498

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: psirt@adobe.com (Primary)

References for CVE-2022-44498

https://helpx.adobe.com/security/products/illustrator/apsb22-60.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-44498

Adobe » Illustrator
Versions up to, including, (<=) 26.5.1
cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Illustrator » Version: 27.0
cpe:2.3:a:adobe:illustrator:27.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A