Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Flash Player
APPAdobe< 11.2.202.336< 11.7.700.26111.8.800.94 – 12.0.0.44 (bez)Apple macOS
OSApplewszystkie wersjeApple Mac Os X
OSApplewszystkie wersjeGoogle Chrome
APPGoogle< 32.0.1700.107Google Chrome Os
OSGooglewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeOpensuse
OSOpensuse11.412.313.1Red Hat Enterprise Linux Desktop
OSRedhat5.06.0Red Hat Enterprise Linux Eus
OSRedhat6.5Red Hat Enterprise Linux Server
OSRedhat5.06.0Red Hat Enterprise Linux Server Aus
OSRedhat6.5Red Hat Enterprise Linux Workstation
OSRedhat5.06.0SUSE Linux Enterprise Desktop
OSSuse11
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player
- Added to KEVi
- September 17, 2024
- Remediation deadline (US Federal)i
- October 8, 2024(overdue)
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP