What is CVE-2017-2931?

CVE-2017-2931 is a high-severity vulnerability in Adobe Flash_player, classified under Out-of-bounds Write. CVSS score: 8.8/10. Published 2017-01-11.

How severe is CVE-2017-2931?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Adobe Flash_player

CVE-2017-2931

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.682 (98.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Adobe Flash_player
Apple Mac_os_x
Google Chrome_os
Linux Linux_kernel
Microsoft Windows
Microsoft Windows_10
Microsoft Windows_8.1
N/a Adobe Flash Player 24.0.0.186 And Earlier. — versions Adobe Flash Player 24.0.0.186 and earlier.

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

GLSA-201702-20 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
RHSA-2017:0057 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
1037570 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
95350 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
41608 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2017-2931?: CVE-2017-2931 is a high-severity vulnerability in Adobe Flash_player, classified under Out-of-bounds Write. CVSS score: 8.8/10. Published 2017-01-11.
How severe is CVE-2017-2931?: High severity. CVSS v3 base score is 8.8 out of 10.