CVE-2021-21105

HIGH

Adobe Illustrator <25.2 - Memory Corruption

Title source: llm

Description

Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/illustrator/apsb21-24.html

Scores

CVSS v3 8.8

EPSS 0.0442

EPSS Percentile 89.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787 CWE-788

Status published

Products (1)

adobe/illustrator < 25.2

Published Sep 08, 2021

Tracked Since Feb 18, 2026