CVE-2014-8439
25.11.2014, 23:59
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.Enginsight
| Vendor | Product | Version |
|---|---|---|
| adobe | flash_player | 𝑥 ≤ 11.2.202.418 |
| adobe | air | 𝑥 ≤ 15.0.0.292 |
| adobe | air_sdk | 𝑥 ≤ 15.0.0.301 |
| adobe | air_sdk_\&_compiler | 𝑥 < 15.0.0.302 |
| adobe | flash_player | 𝑥 ≤ 15.0.0.223 |
| adobe | flash_player | 𝑥 ≤ 13.0.0.252 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| adobe-flashplugin |
| ||||||||
| flashplugin-nonfree |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-416 - Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
References