Buffer overflow in Adobe Adobe_air

CVE-2013-1375

Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1…

Vulnerability class: Buffer Overflow

EPSS: 0.106 (93.4th percentile) — read the EPSS interpretation.

Affected products

Adobe Adobe_air — versions 1.0, 1.0.1, 1.0.8.4990
Adobe Adobe_air_sdk — versions 3.0.0.4080, 3.1.0.488, 3.2.0.2070
Adobe Adobe_air_sdk_and_compiler
Adobe Flash_player — versions 11.0, 11.0.1.152, 11.0.1.153
Adobe Flash_player_for_android — versions 10.1.106.17, 10.2.157.51, 10.3.186.7
Apple Mac_os_x
Google Android — versions 2.0, 2.0.1, 2.1
Linux Linux_kernel
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

openSUSE-SU-2013:0464 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0459 (vendor-advisory, x_refsource_SUSE)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)
SUSE-SU-2013:0458 (vendor-advisory, x_refsource_SUSE)
HPSBMU02948 (x_refsource_HP, vendor-advisory)
RHSA-2013:0643 (x_refsource_REDHAT, vendor-advisory)