CVE-2017-3071

CWE-416 — Use After Free24 documents6 sources

Severity

8.8HIGH

EPSS

1.7%

top 17.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Redhat Enterprise Linux +2 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5adobe_flash_player_25.0.0.148_and_earlier.Adobe Flash Player 25.0.0.148 and earlier.

▶NVDadobe/flash_player25.0.0.148

▶NVDadobe/flash_player_desktop_runtime25.0.0.163+1

▶Ubuntuflashplugin-nonfree< 25.0.0.171ubuntu0.14.04.1+1

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-jfvx-4557-pgcj: Adobe Flash Player versions 25↗2022-05-13

▶

OSV

CVE-2017-3071: Adobe Flash Player versions 25↗2017-05-09

▶

CVEList

CVE-2017-3071: Adobe Flash Player versions 25↗2017-05-09

▶

📋Vendor Advisories

Red Hat

chromium-browser: sandbox escape in indexeddb↗2017-06-15

▶

Red Hat

chromium-browser: domain spoofing in omnibox↗2017-06-15

▶

Red Hat

chromium-browser: out of bounds read in v8↗2017-06-15

▶

Red Hat

chromium-browser: ui spoofing in blink↗2017-06-05

▶

Red Hat

chromium-browser: address spoofing in omnibox↗2017-06-05

▶

💬Community

Bugzilla

CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶