CVE-2014-8439

Warning

EPSS 31.48%
Published 25.11.2014 23:59:00
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

Affected products Warnungen 1 Metrics 3 CWE 2 References 14

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version <= 11.2.202.418

Linux ≫ Linux Kernel Version-

Adobe ≫ Air Version <= 15.0.0.292

Adobe ≫ Air Sdk Version <= 15.0.0.301

Adobe ≫ Flash Player Version <= 15.0.0.223

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version <= 13.0.0.252

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Dereferenced Pointer Vulnerability

Vulnerability

Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	31.48%	0.966

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

Vendor Advisory

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-1915.html

Vendor Advisory