CVE-2008-5363 — Adobe AIR vulnerability

CWE-3995 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

3.6%

top 12.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player

Timeline

PublishedDec 8

Latest updateMay 14

Description

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDadobe/flash_player9.0.16.0 — 9.0.151.0+1

▶NVDadobe/air< 1.5

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-mhh5-jv9p-r925: The ActionScript 2 virtual machine in Adobe Flash Player 10↗2022-05-14

▶

CVEList

CVE-2008-5363: The ActionScript 2 virtual machine in Adobe Flash Player 10↗2008-12-08

▶

📋Vendor Advisories

Red Hat

security flaw↗2008-11-17

▶

💬Community

Bugzilla

CVE-2008-5363 security flaw↗2018-08-16

▶