Threat Research

Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe Illustrator & Photoshop

By Kushal Arvind Shah and Yonghui Han | February 10, 2022

Toward the end of 2021, Fortinet security researchers Kushal Arvind Shah and Yonghui Han discovered and reported numerous zero-day vulnerabilities in Adobe Illustrator and Photoshop. This Patch Tuesday (dated Feb 08, 2022), Adobe released several security patches (1 and 2) which fixed 14 of them. These vulnerabilities are identified as CVE-2022-23186, CVE-2022-23188, CVE-2022-23189, CVE-2022-23190, CVE-2022-23191, CVE-2022-23192, CVE-2022-23193, CVE-2022-23194, CVE-2022-23195, CVE-2022-23196, CVE-2022-23197, CVE-2022-23198, CVE-2022-23199, and CVE-2022-23203. All of these vulnerabilities have different root causes pertaining to a multitude of Illustrator and Photoshop Plugins. Due to the severity of these vulnerabilities, we suggest users apply the Adobe patches as soon as possible.

Affected platforms: Windows and MacOS

Impacted parties: Users of Adobe Illustrator 2022, versions 26.0.2 and earlier

                               Users of Adobe Illustrator 2021, versions 25.4.3 and earlier

                               Users of Adobe Photoshop 2022, versions 23.1 and earlier

                               Users of Adobe Photoshop 2021, versions 22.5.4 and earlier

Impact:  Multiple vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.

Severity level: Critical and Important

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages by clicking on the CVE links, below:

CVE-2022-23186

This is an Arbitrary Code Execution vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds Write memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23186.Arbitrary.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-23188

This is a Buffer Overflow vulnerability in the Adobe Illustrator ‘MPS’ plugin. Specifically, the vulnerability is caused by a malformed Macintosh Picture Image file (PCT) file, which causes an Out of Bounds Write memory access due to improper bounds check when manipulating a pointer to an allocated buffer.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23188.Buffer.Overflow for this specific vulnerability to proactively protect our customers.

CVE-2022-23189

This is a Null-Pointer Dereference vulnerability that exists in the decoding of AutoCAD Drawing (DWG) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted DWG file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23189.Null.Pointer.Dereference for this specific vulnerability to proactively protect our customers.

CVE-2022-23190

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23190.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23191

This is a Memory Corruption vulnerability that exists in the decoding of Macintosh Picture Image file (PCT) in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘MPS’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted PCT file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23191.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23192

This is a Memory Corruption vulnerability existing in the decoding of Adobe Illustrator Artwork (AI) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed AI file, which causes an Out of Bounds memory access due to an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted AI file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23192.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23193

This is a Memory Corruption vulnerability existing in the decoding of Portable Document Format (PDF) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PDF file, which causes an Out of Bounds memory access, due to improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak, via a crafted PDF file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23193.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23194

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23194.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23195

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23195.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23196

This is a Memory Leak vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds memory access due to an improper bounds check. 

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23196.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2022-23197

This is a Memory Leak vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds memory access due to an improper bounds check. 

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23197.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2022-23198

This is a Null-Pointer Dereference vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted CDR file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23198.Null.Pointer.Dereference for this specific vulnerability to proactively protect our customers

CVE-2022-23199

This is a Null-Pointer Dereference vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted CDR file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23199.NULL.Pointer.Dereference for this specific vulnerability to proactively protect our customers

CVE-2022-23203

This is a Buffer Overflow vulnerability existing in the decoding of Universal 3D (U3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which causes an Out of Bounds memory access due to improper bounds check. The specific vulnerability exists in the ‘U3D’ plugin.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.

Fortinet released IPS signature Adobe.Photoshop.CVE-2022-23203.Arbitrary.Code.Execution for this specific vulnerability to proactively protect our customers.

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.