
New Adobe Illustrator Patches Address Multiple Zero Day Vulnerabilities Discovered by FortiGuard Labs

By Yonghui Han | June 21, 2022

In early 2022, I discovered and reported five zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. On Tuesday, June 14, 2022, Adobe released a security patch that fixed these vulnerabilities. They are identified as CVE-2022-30649, CVE-2022-30666, CVE-2022-30667, CVE-2022-30668, and CVE-2022-30669. These vulnerabilities have different root causes related to two Illustrator plugins. All of these vulnerabilities are assigned a Critical or Important severity. We suggest users apply the Adobe patches as soon as possible. 

Affected platforms: Windows and macOS
Impacted parties: Users of Adobe Illustrator 2022, versions 26.0.2 and earlier; users of Adobe Illustrator 2021, versions 25.4.5 and earlier
Impact: Multiple vulnerabilities leading to Arbitrary Code Execution or Memory Leak
Severity level: Critical and Important
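
The following is an added example, not part of the original advisory and not Fortinet or Adobe code. It triages a software inventory against the affected version ranges listed above. The hostnames, inventory rows and build suffix are constructed, and reporting any release line the advisory does not mention as "unknown" is an assumption.

```python
import re

# Upper bounds of the affected ranges, taken from the advisory text above.
AFFECTED_MAX = {
    26: (26, 0, 2),  # Illustrator 2022: 26.0.2 and earlier
    25: (25, 4, 5),  # Illustrator 2021: 25.4.5 and earlier
}

# Constructed inventory rows (hostname, reported version); not real data.
SAMPLE_INVENTORY = [
    ("design-01", "26.0.2"),
    ("design-02", "26.0.2.754"),  # constructed build suffix
    ("design-03", "26.3.1"),
    ("design-04", "25.4.5"),
    ("design-05", "25.4.6"),
    ("design-06", "24.3"),        # release line not covered by the advisory
    ("design-07", "n/a"),         # agent could not read the version
]

def parse_version(text):
    """Return (major, minor, patch) from a dotted version string, or None."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    # Missing components count as 0; extra build components are ignored.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(version_text):
    """Classify one version as 'affected', 'not_affected' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable value: needs manual review
    limit = AFFECTED_MAX.get(version[0])
    if limit is None:
        return "unknown"  # advisory gives no range for this release line
    return "affected" if version <= limit else "not_affected"

def triage(inventory):
    """Group hostnames by classification so affected hosts are patched first."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```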

The following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory page for each CVE:

CVE-2022-30649:

This Arbitrary Code Execution vulnerability exists in the decoding of CorelDRAW Drawing (CDR) files in Adobe Illustrator. Specifically, a malformed CDR file triggers an out-of-bounds memory write because of an improper bounds check.

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted CDR file.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2022-30649.Arbitrary.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-30666:

This Memory Leak vulnerability exists in the decoding of CorelDRAW Drawing (CDR) files in Adobe Illustrator. Specifically, a malformed CDR file triggers an out-of-bounds memory access because of an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2022-30666.Out.of.Bounds.Read for this specific vulnerability to proactively protect our customers.

CVE-2022-30667:

This Memory Leak vulnerability exists in the decoding of CorelDRAW Drawing (CDR) files in Adobe Illustrator. Specifically, a malformed CDR file triggers an out-of-bounds memory access because of an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2022-30667.Out.of.Bounds.Read for this specific vulnerability to proactively protect our customers.

CVE-2022-30668:

This Memory Leak vulnerability exists in the decoding of CorelDRAW Drawing (CDR) files in Adobe Illustrator. Specifically, a malformed CDR file triggers an out-of-bounds memory access because of an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2022-30668.Out.of.Bounds.Read for this specific vulnerability to proactively protect our customers.

CVE-2022-30669:

This Memory Leak vulnerability exists in the decoding of CorelDRAW Drawing (CDR) files in Adobe Illustrator. Specifically, a malformed CDR file triggers an out-of-bounds memory access because of an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2022-30669.Out.of.Bounds.Read for this specific vulnerability to proactively protect our customers.

Fortinet Protections

Fortinet IPS customers are protected with the following signatures, which were previously released for these vulnerabilities:

  • Adobe.Illustrator.CVE-2022-30649.Arbitrary.Code.Execution 
  • Adobe.Illustrator.CVE-2022-30666.Out.of.Bounds.Read
  • Adobe.Illustrator.CVE-2022-30667.Out.of.Bounds.Read
  • Adobe.Illustrator.CVE-2022-30668.Out.of.Bounds.Read
  • Adobe.Illustrator.CVE-2022-30669.Out.of.Bounds.Read

In addition, FortiEDR detects and prevents the exploitation of these vulnerabilities.
