CVE-2019-7108

CWE-125 — Out-of-bounds Read6 documents6 sources

Severity

7.5HIGH

EPSS

3.1%

top 13.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Adobe Adobe Flash Player

Timeline

PublishedMay 23

Latest updateMay 24

Description

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDadobe/flash_player32.0.0.156

▶NVDadobe/flash_player_desktop_runtime32.0.0.156

▶CVEListV5adobe/adobe_flash_player32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier versions

▶Ubuntuflashplugin-nonfree< 32.0.0.171ubuntu0.14.04.1+2

🔴Vulnerability Details

GHSA

GHSA-xf9w-8ghj-9mwp: Adobe Flash Player versions 32↗2022-05-24

▶

CVEList

CVE-2019-7108: Adobe Flash Player versions 32↗2019-05-23

▶

OSV

CVE-2019-7108: Adobe Flash Player versions 32↗2019-05-23

▶

📋Vendor Advisories

Red Hat

flash-plugin: Information Disclosure vulnerability (APSB19-19)↗2019-04-09

▶

💬Community

Bugzilla

CVE-2019-7108 flash-plugin: Information Disclosure vulnerability (APSB19-19)↗2019-04-09

▶