CVE-2018-4871 — Out-of-bounds Read in Adobe Flash Player

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedJan 9

Latest updateMay 13

Description

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDadobe/flash_player28.0.0.126

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-jhfm-prjw-6726: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28↗2022-05-13

▶

CVEList

CVE-2018-4871: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28↗2018-01-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: out-of-bounds read causing information leak (APSB18-01)↗2018-01-09

▶

💬Community

Bugzilla

CVE-2018-1000852 freerdp: out of bounds read in drdynvc_process_capability_request↗2018-12-21

▶

Bugzilla

CVE-2018-4871 flash-plugin: out-of-bounds read causing information leak (APSB18-01)↗2018-01-09

▶