CVE-2018-4933

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

6.5MEDIUM

EPSS

3.3%

top 12.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedMay 19

Latest updateMay 14

Description

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5adobe_flash_player_29.0.0.113_and_earlier_versionsAdobe Flash Player 29.0.0.113 and earlier versions

▶NVDadobe/flash_player29.0.0.113

▶NVDadobe/flash_player_desktop_runtime29.0.0.113

▶Ubuntuflashplugin-nonfree< 29.0.0.140ubuntu0.14.04.1+2

🔴Vulnerability Details

GHSA

GHSA-pfhj-qj49-rfqg: Adobe Flash Player versions 29↗2022-05-14

▶

OSV

CVE-2018-4933: Adobe Flash Player versions 29↗2018-05-19

▶

CVEList

CVE-2018-4933: Adobe Flash Player versions 29↗2018-05-19

▶

📋Vendor Advisories

Red Hat

flash-plugin: Information Disclosure vulnerabilities (APSB18-08)↗2018-04-10

▶

💬Community

Bugzilla

CVE-2018-4936 CVE-2018-4933 CVE-2018-4934 flash-plugin: Information Disclosure vulnerabilities (APSB18-08)↗2018-04-10

▶