CVE-2015-0309

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

10.0CRITICAL

EPSS

9.7%

top 7.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Adobe AIR Adobe Adobe AIR SDK Adobe Adobe AIR SDK AND Compiler +1 more

Timeline

PublishedJan 13

Latest updateMay 17

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDadobe/flash_player13.0.0.259+15

▶NVDadobe/adobe_air_sdk_and_compiler15.0.0.356

▶NVDadobe/adobe_air15.0.0.356

▶NVDadobe/adobe_air_sdk15.0.0.356

▶Ubuntuflashplugin-nonfree< 11.2.202.429ubuntu0.14.04.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-p423-gqg6-3r8v: Heap-based buffer overflow in Adobe Flash Player before 13↗2022-05-17

▶

CVEList

CVE-2015-0309: Heap-based buffer overflow in Adobe Flash Player before 13↗2015-01-13

▶

OSV

CVE-2015-0309: Heap-based buffer overflow in Adobe Flash Player before 13↗2015-01-13

▶

📋Vendor Advisories

Red Hat

flash-plugin: Multiple code-execution flaws (APSB15-01)↗2015-01-13

▶

Red Hat

flash-plugin: Multiple code-execution flaws (APSB15-01)↗2015-01-13

▶

💬Community

Bugzilla

CVE-2015-0303 CVE-2015-0306 CVE-2015-0304 CVE-2015-0309 CVE-2015-0305 CVE-2015-0308 flash-plugin: Multiple code-execution flaws (APSB15-01)↗2015-01-14

▶