What is CVE-2015-8459?

CVE-2015-8459 is a critical-severity vulnerability in Adobe Air, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 10.0/10. Published 2015-12-28.

How severe is CVE-2015-8459?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Buffer overflow in Adobe Air

CVE-2015-8459

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 all…

Vulnerability class: Buffer Overflow

EPSS: 0.064 (91.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Adobe Air
Adobe Air_sdk
Adobe Air_sdk_\&_compiler
Adobe Flash_player — versions 19.0.0.185, 19.0.0.207, 19.0.0.226
Apple Iphone_os
Apple Mac_os_x
Google Android
Linux Linux_kernel
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

openSUSE-SU-2015:2403 (vendor-advisory, x_refsource_SUSE)
1034544 (vdb-entry, x_refsource_SECTRACK)
RHSA-2015:2697 (x_refsource_REDHAT, vendor-advisory)
psirt@adobe.com (x_refsource_CONFIRM)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
SUSE-SU-2015:2401 (vendor-advisory, x_refsource_SUSE)
psirt@adobe.com (x_refsource_CONFIRM)
79700 (vdb-entry, x_refsource_BID)
SUSE-SU-2015:2402 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2015:2400 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2015-8459?: CVE-2015-8459 is a critical-severity vulnerability in Adobe Air, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 10.0/10. Published 2015-12-28.
How severe is CVE-2015-8459?: Critical severity. CVSS v3 base score is 10.0 out of 10.