Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAdobe Air
APPAdobe≤ 20.0.0.233Adobe Air Desktop Runtime
APPAdobe≤ 20.0.0.260Adobe Air Sdk
APPAdobe≤ 20.0.0.260Adobe Air Sdk \& Compiler
APPAdobe≤ 20.0.0.260Adobe Flash Player
APPAdobe≤ 20.0.0.306≤ 11.2.202.569Adobe Flash Player Desktop Runtime
APPAdobe≤ 20.2.2.306Apple iOS
OSApplewszystkie wersjeApple Mac Os X
OSApplewszystkie wersjeGoogle Android
OSGooglewszystkie wersjeGoogle Chrome Os
OSGooglewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeMicrosoft Windows 10
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeSamsung X14j Firmware
OSSamsungt-ms14jakucb-1102.5
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player and AIR
- Added to KEVi
- May 25, 2022
- Remediation deadline (US Federal)i
- June 15, 2022(overdue)
The impacted products are end-of-life and should be disconnected if still in use.
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach