Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Flash Player
APPAdobe14.0.0.125 – 18.0.0.19413.0.0.182 – 13.0.0296≤ 11.2.202.468Apple Mac Os X
OSApplewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpensuse Evergreen
OSOpensuse11.4Opensuse
OSOpensuse13.113.2Red Hat Enterprise Linux Desktop
OSRedhat5.06.0Red Hat Enterprise Linux Eus
OSRedhat6.6Red Hat Enterprise Linux Server
OSRedhat5.06.0Red Hat Enterprise Linux Server Aus
OSRedhat6.6Red Hat Enterprise Linux Server From Rhui
OSRedhat5.06.0Red Hat Enterprise Linux Workstation
OSRedhat5.06.0SUSE Linux Enterprise Desktop
OSSuse1112SUSE Linux Enterprise Workstation Extension
OSSuse12
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player
- Added to KEVi
- March 3, 2022
- Remediation deadline (US Federal)i
- March 24, 2022(overdue)
The impacted product is end-of-life and should be disconnected if still in use.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows