FortiGuard detects multiple flaws in Adobe Illustrator 2020

bitheerani93
Posts: 533
Joined: Sun Dec 15, 2024 3:34 am

Post by bitheerani93 »

In January last year, Kushal Arvind Shah discovered and reported several critical vulnerabilities in the Adobe Illustrator CC 2020 platform. On April 28, 2020, Adobe released several out-of-band security patches that fixed these issues. These vulnerabilities are identified as CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, and CVE-2020-9574. All these vulnerabilities have different root causes related to various Illustrator plugins. Given the critical classification of these vulnerabilities, we recommend that users apply these Adobe patches as soon as possible.

Additional details of these vulnerabilities:

CVE-2020-9570

This memory corruption flaw exists in the decoding of PCX files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCX file, which causes an out-of-bounds write memory access due to an incorrect bounds check. This specific vulnerability exists in the 'PCX' plugin.

Attackers could exploit this vulnerability using out-of-bounds access for unwanted reads, writes, or frees, potentially causing code corruption, a control flow hijack, or an information leak attack.

A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the application via a crafted PCX file.

Fortinet has already released the Adobe.Illustrator.CVE-2020-9570.Memory.Corruption IPS signature for this specific vulnerability to proactively protect our customers before the patch is available.

CVE-2020-9571

This memory corruption vulnerability exists in the decoding of PCT files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an out-of-bounds memory access due to an improper bounds check. This specific vulnerability exists in the 'MPS' plugin.

Attackers could exploit this vulnerability using out-of-bounds access for unwanted reads, writes, or frees, potentially causing code corruption, a control flow hijack, or an information leak attack.

A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the application via a crafted PCT file.

Fortinet has already released the Adobe.Illustrator.CVE-2020-9571.Memory.Corruption IPS signature for this specific vulnerability to proactively protect our customers before the patch is available.

CVE-2020-9572

This heap memory corruption vulnerability exists in the Adobe Illustrator 'PCT' plug-in. Specifically, the vulnerability is caused by a malformed PCT file, which causes an out-of-bounds write memory access due to an improper bounds check when manipulating a pointer to a heap-allocated buffer.

A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the application via a crafted PCT file.

Fortinet has already released the Adobe.Illustrator.CVE-2020-9572.Memory.Corruption IPS signature for this specific vulnerability to proactively protect our customers before the patch is available.

CVE-2020-9573

This memory corruption vulnerability exists in the decoding of PCT files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an out-of-bounds memory access due to an improper bounds check. The specific vulnerability exists in the 'MPS' plugin.

Attackers could exploit this vulnerability using out-of-bounds access for unwanted reads, writes, or frees, potentially causing code corruption, a control flow hijack, or an information leak attack.

A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the application via a crafted PCT file.

Fortinet has already released the Adobe.Illustrator.CVE-2020-9573.Memory.Corruption IPS signature for this specific vulnerability to proactively protect our customers before the patch is available.

CVE-2020-9574

This memory corruption vulnerability exists in the decoding of PostScript (PS) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PS file, which causes an out-of-bounds write memory access due to an improper bounds check. The specific vulnerability exists in the 'MPS' plug-in.

Attackers could exploit the vulnerability using out-of-bounds access for unwanted writes or frees, potentially leading to code corruption, a control flow hijack, or an information leak attack.

A remote attacker could exploit this vulnerability to execute arbitrary code in the context of the application via a crafted PS file.

Fortinet has already released the Adobe.Illustrator.CVE-2020-9574.Memory.Corruption IPS signature for this specific vulnerability to proactively protect our customers before the patch becomes available.
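
The bug class described under CVE-2020-9570 (an out-of-bounds write while decoding a PCX file) can be illustrated with a PCX run-length decoder that carries the checks such a decoder needs. This is an added example, not Adobe's code and not the actual root cause, which the post does not detail; the function names and the 64 MiB cap are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCX_HEADER_LEN  128
#define PCX_MAX_DECODED (64u * 1024 * 1024)   /* assumed policy cap, not from the format */

/* Little-endian 16-bit header field. */
static unsigned rd16(const uint8_t *p) { return p[0] | ((unsigned)p[1] << 8); }

/* Decoded size implied by the header, or 0 if the header is unusable.
 * Offsets: 0 magic (0x0A), 2 encoding (1 = RLE), 6 ymin, 10 ymax,
 * 65 colour planes, 66 bytes per scanline per plane. */
size_t pcx_decoded_size(const uint8_t *hdr, size_t len)
{
    if (len < PCX_HEADER_LEN || hdr[0] != 0x0A || hdr[2] != 1)
        return 0;
    unsigned ymin = rd16(hdr + 6), ymax = rd16(hdr + 10);
    uint64_t planes = hdr[65], bpl = rd16(hdr + 66);
    if (ymax < ymin || planes == 0 || bpl == 0)
        return 0;
    /* 64-bit arithmetic so file-supplied dimensions cannot wrap the size. */
    uint64_t total = planes * bpl * ((uint64_t)(ymax - ymin) + 1);
    return total > PCX_MAX_DECODED ? 0 : (size_t)total;
}

/* Expand PCX run-length data into dst. Returns bytes written, or -1 when the
 * input is truncated or a run would extend past the end of dst. */
long pcx_decode_rle(const uint8_t *src, size_t src_len, uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;
    while (out < dst_len) {
        if (in >= src_len)
            return -1;                      /* data ends before image is full */
        uint8_t b = src[in++];
        size_t run = 1;
        if ((b & 0xC0) == 0xC0) {           /* top two bits set: run marker */
            run = b & 0x3F;
            if (in >= src_len)
                return -1;                  /* marker with no value byte */
            b = src[in++];
        }
        if (run > dst_len - out)
            return -1;                      /* run is checked before the write */
        memset(dst + out, b, run);
        out += run;
    }
    return (long)out;
}
```

The check `run > dst_len - out` is written as a subtraction on the remaining space so it cannot wrap, which `out + run > dst_len` could do with other integer widths.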