← Back

CVE-2015-3107

nvd nist
Published: Jun 10, 2015Modified: May 6, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.

Affected (25)

Adobe
4 products
Air
Flash Player
Air Sdk
Air Sdk & Compiler
Google
1 product
Android
Opensuse
1 product
Evergreen
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Air
Up to 17.0.0.144
Android
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Evergreen
Version 11.4
Configuration C
18 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Up to 13.0.0.289
Flash Player
Version 14.0.0.125
Flash Player
Version 14.0.0.145
Flash Player
Version 14.0.0.176
Flash Player
Version 14.0.0.179
Flash Player
Version 15.0.0.152
Flash Player
Version 15.0.0.167
Flash Player
Version 15.0.0.189
Flash Player
Version 15.0.0.223
Flash Player
Version 15.0.0.239
Flash Player
Version 15.0.0.246
Flash Player
Version 16.0.0.235
Flash Player
Version 16.0.0.257
Flash Player
Version 16.0.0.287
Flash Player
Version 16.0.0.296
Flash Player
Version 17.0.0.134
Flash Player
Version 17.0.0.169
Flash Player
Version 17.0.0.188
Configuration D
3 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Air
Up to 17.0.0.172
Air Sdk
Up to 17.0.0.172
Air Sdk & Compiler
Up to 17.0.0.172
Running on/withPlatform Versions
Apple
Mac Os X
All versions
Microsoft
Windows
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Flash Player
Up to 11.2.202.460
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (22)

Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Third Party Advisory
Source: psirt@adobe.com
Source: psirt@adobe.com
Third Party AdvisoryVDB Entry
Source: psirt@adobe.com
Source: psirt@adobe.com
PatchVendor Advisory
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.