CVE-2019-7845

CWE-416 — Use After Free5 documents5 sources

Severity

8.8HIGH

EPSS

10.8%

top 6.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Adobe Flash Player Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDadobe/flash_player32.0.0.192

▶CVEListV5adobe/adobe_flash_player32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192  and earlier versions

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-284f-xx97-3544: Adobe Flash Player versions 32↗2022-05-24

▶

CVEList

CVE-2019-7845: Adobe Flash Player versions 32↗2019-06-12

▶

📋Vendor Advisories

Red Hat

flash-plugin: Arbitrary Code Execution vulnerability (APSB19-30)↗2019-06-11

▶

💬Community

Bugzilla

CVE-2019-7845 flash-plugin: Arbitrary Code Execution vulnerability (APSB19-30)↗2019-06-11

▶