CVE-2014-0498Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
1.2%
top 21.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe AIRAdobe AIR SDKAdobe Flash Player
Timeline
PublishedFeb 21
Latest updateMay 14

Description

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDadobe/flash_player11.011.7.700.269+3
NVDadobe/adobe_air< 4.0.0.1628
NVDadobe/adobe_air_sdk< 4.0.0.1628

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-gpf9-x4m4-m3gr: Stack-based buffer overflow in Adobe Flash Player before 112022-05-14
CVEList
CVE-2014-0498: Stack-based buffer overflow in Adobe Flash Player before 112014-02-21
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer2014

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)2014-02-20

💬Community

1
Bugzilla
CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)2014-02-20
CVE-2014-0498 — Adobe AIR vulnerability | cvebase