CVE-2015-3117 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer37 documents7 sources

Severity

10.0CRITICALNVD

EPSS

5.5%

top 9.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe AIR SDK Compiler +2 more

Timeline

PublishedJul 9

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDadobe/flash_player11.2.202.468+21

▶NVDadobe/air_sdk_compiler18.0.0.144

▶NVDadobe/air18.0.0.144

▶NVDadobe/air_sdk18.0.0.144

▶NVDopensuse/evergreen11.4

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-fg32-r728-m423: Adobe Flash Player before 13↗2022-05-17

▶

GHSA

GHSA-m63g-4c46-827h: Adobe Flash Player before 13↗2022-05-17

▶

GHSA

GHSA-3m2g-vv9f-ghpw: Adobe Flash Player before 13↗2022-05-17

▶

GHSA

GHSA-j89r-ph4h-8h2m: Adobe Flash Player before 13↗2022-05-17

▶

GHSA

GHSA-4r75-m9pv-vwvf: Adobe Flash Player before 13↗2022-05-17

▶