CVE-2016-0959

CWE-416 — Use After Free5 documents5 sources

Severity

9.8CRITICAL

EPSS

1.0%

top 23.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe AIR SDK \& Compiler +3 more

Timeline

PublishedJun 27

Latest updateMay 14

Description

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 2…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDadobe/flash_player_extended_support_release18.0.0.268

▶NVDadobe/flash_player20.0.0.235+1

▶Ubuntuflashplugin-nonfree< 11.2.202.559ubuntu0.14.04.1

▶NVDadobe/air_sdk_\&_compiler20.0.0.204

▶NVDadobe/air20.0.0.204

🔴Vulnerability Details

GHSA

GHSA-xhrc-66pf-63mr: Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20↗2022-05-14

▶

OSV

CVE-2016-0959: Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20↗2017-06-27

▶

CVEList

CVE-2016-0959: Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20↗2017-06-27

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB16-01↗2015-12-28

▶