CVE-2018-4919

CWE-416 — Use After Free CWE-119 — Buffer Overflow6 documents6 sources

Severity

8.8HIGH

EPSS

2.0%

top 16.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedMay 19

Latest updateMay 14

Description

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5adobe_flash_player_28.0.0.161_and_earlier_versionsAdobe Flash Player 28.0.0.161 and earlier versions

▶NVDadobe/flash_player28.0.0.161

▶NVDadobe/flash_player_desktop_runtime28.0.0.161

▶Ubuntuflashplugin-nonfree< 29.0.0.140ubuntu0.14.04.1+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-4xhc-7xr7-f3hm: Adobe Flash Player versions 28↗2022-05-14

▶

CVEList

CVE-2018-4919: Adobe Flash Player versions 28↗2018-05-19

▶

OSV

CVE-2018-4919: Adobe Flash Player versions 28↗2018-05-19

▶

📋Vendor Advisories

Red Hat

flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05)↗2018-03-13

▶

💬Community

Bugzilla

CVE-2018-4919 flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05)↗2018-03-13

▶