CVE-2009-3794 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents5 sources
Severity
9.3CRITICALNVD
EPSS
21.2%
top 4.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 10
Latest updateMay 2
Description
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages2 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
6Red Hat▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08
Red Hat▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08
Red Hat▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08
Red Hat▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08
Red Hat▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-08
💬Community
1Bugzilla▶
flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)↗2009-12-03