CVE-2019-7090

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

6.5MEDIUM

EPSS

1.2%

top 20.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Adobe Flash Player FOR Google Chrome +1 more

Timeline

PublishedMay 24

Latest updateMay 24

Description

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5adobe/flash_player_for_microsoft_edge_and_internet_explorer_1132.0.0.114 and earlier

▶NVDadobe/flash_player_desktop_runtime32.0.0.114

▶CVEListV5adobe/flash_player_desktop_runtime32.0.0.114 and earlier

▶CVEListV5adobe/flash_player_for_google_chrome32.0.0.114 and earlier

▶NVDadobe/flash_player32.0.0.114

🔴Vulnerability Details

GHSA

GHSA-49vj-5fcp-ch84: Flash Player Desktop Runtime versions 32↗2022-05-24

▶

CVEList

CVE-2019-7090: Flash Player Desktop Runtime versions 32↗2019-05-24

▶

📋Vendor Advisories

Red Hat

flash-plugin: Information Disclosure vulnerability (APSB19-06)↗2019-02-12

▶

💬Community

Bugzilla

CVE-2019-7090 flash-plugin: Information Disclosure vulnerability (APSB19-06)↗2019-02-12

▶