Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24411
Reference (s):
- https://www.zerodayinitiative.com/advisories/ZDI-20-1270/
- https://helpx.adobe.com/security/products/illustrator/apsb20-53.html
- URL: https://helpx.adobe.com/security/products/illustrator/apsb20-53.html