CVE-2017-3100

CWE-787Out-of-bounds WriteCWE-119Buffer Overflow6 documents6 sources
Severity
6.5MEDIUM
EPSS
1.9%
top 16.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedJul 17
Latest updateMay 13

Description

Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5adobe_flash_player_26.0.0.131_and_earlier.Adobe Flash Player 26.0.0.131 and earlier.
NVDadobe/flash_player26.0.0.120+1
Ubuntuflashplugin-nonfree< 26.0.0.137ubuntu0.14.04.1+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-8r6j-26f6-55cv: Adobe Flash Player versions 262022-05-13
OSV
CVE-2017-3100: Adobe Flash Player versions 262017-07-17
CVEList
CVE-2017-3100: Adobe Flash Player versions 262017-07-14

📋Vendor Advisories

1
Red Hat
flash-plugin: information disclosure issues fixed in APSB17-212017-07-11

💬Community

1
Bugzilla
CVE-2017-3080 CVE-2017-3100 flash-plugin: information disclosure issues fixed in APSB17-212017-07-11
CVE-2017-3100 (MEDIUM CVSS 6.5) | Adobe Flash Player versions 26.0.0. | cvebase.io