← Back

CVE-2014-0502

nvd nist
Published: Feb 21, 2014Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Affected (17)

Show all products
Adobe: Flash Player, Adobe Air Sdk, Adobe Air · Opensuse: Opensuse · Suse: Linux Enterprise Desktop · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation
Adobe
3 products
Flash Player
Adobe Air Sdk
Adobe Air
Opensuse
1 product
Opensuse
Suse
1 product
Linux Enterprise Desktop
Redhat
5 products
Enterprise Linux Desktop
Enterprise Linux Eus
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Workstation
Configuration A
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Before 11.7.700.269
Flash Player
From 11.8.800.94 to 12.0.0.70
Running on/withPlatform Versions
Apple
Mac Os X
All versions
Microsoft
Windows
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Adobe Air Sdk
Before 4.0.0.1628
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flash Player
Before 11.2.202.341
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adobe Air
Before 4.0.0.1628
Running on/withPlatform Versions
Google
Android
All versions
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.4
Opensuse
Version 12.3
Opensuse
Version 13.1
Linux Enterprise Desktop
Version 11 sp3
Configuration F
8 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Desktop
Version 5.0
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Eus
Version 6.5
Redhat
Enterprise Linux Server
Version 5.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Server Aus
Version 6.5
Redhat
Enterprise Linux Workstation
Version 5.0
Enterprise Linux Workstation
Version 6.0

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (17)

Source: psirt@adobe.com
Broken LinkPatchVendor Advisory
Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Mailing List
Source: psirt@adobe.com
Third Party Advisory
Source: psirt@adobe.com
Third Party Advisory
Source: psirt@adobe.com
ExploitThird Party Advisory
Source: psirt@adobe.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.