CVE-2019-8070

CWE-416 — Use After Free5 documents5 sources

Severity

9.8CRITICAL

EPSS

2.0%

top 16.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedSep 12

Latest updateMay 24

Description

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDadobe/flash_player32.0.0.238+1

▶NVDadobe/flash_player_desktop_runtime32.0.0.238

▶CVEListV5adobe/flash_player32.0.0.207 and earlier versions, 32.0.0.238 and earlier versions+1

🔴Vulnerability Details

GHSA

GHSA-gr5g-6jc7-7vf8: Adobe Flash Player 32↗2022-05-24

▶

CVEList

CVE-2019-8070: Adobe Flash Player 32↗2019-09-12

▶

📋Vendor Advisories

Red Hat

flash-plugin: Arbitrary Code Execution vulnerabilities (APSB19-46)↗2019-09-10

▶

💬Community

Bugzilla

CVE-2019-8069 CVE-2019-8070 flash-plugin: Arbitrary Code Execution vulnerabilities (APSB19-46)↗2019-09-10

▶