CVE-2015-8655

EPSS 1.75%
Published 04.03.2016 23:59:04
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8821, and CVE-2015-8822.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version <= 11.2.202.548

Linux ≫ Linux Kernel Version-

Adobe ≫ Flash Player Desktop Runtime Version <= 19.0.0.245

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwEditionesr Version <= 18.0.0.261

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 19.0.0.245

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 8 Version-
   Microsoft ≫ Windows 8.1 Version-

Adobe ≫ Flash Player SwPlatformchrome Version <= 19.0.0.245

   Apple ≫ macOS X Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 19.0.0.245

Microsoft ≫ Windows 10 Version-

Adobe ≫ Air Desktop Runtime Version <= 19.0.0.241

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Air Sdk Version <= 19.0.0.241

   Apple ≫ iPhone OS Version-
   Apple ≫ macOS X Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Air Version <= 19.0.0.241

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.75%	0.817

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/84162

Third Party Advisory

Broken Link

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-15-655

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-8655

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8655

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8655

EUVD