What is CVE-2017-2935?

CVE-2017-2935 is a high-severity vulnerability in Adobe Flash_player, classified under Out-of-bounds Write. CVSS score: 8.8/10. Published 2017-01-11.

How severe is CVE-2017-2935?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Adobe Flash_player

CVE-2017-2935

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.693 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Adobe Flash_player
Apple Mac_os_x
Google Chrome_os
Linux Linux_kernel
Microsoft Windows
Microsoft Windows_10
Microsoft Windows_8.1
N/a Adobe Flash Player 24.0.0.186 And Earlier. — versions Adobe Flash Player 24.0.0.186 and earlier.

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

95347 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
GLSA-201702-20 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
RHSA-2017:0057 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
1037570 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
41612 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2017-2935?: CVE-2017-2935 is a high-severity vulnerability in Adobe Flash_player, classified under Out-of-bounds Write. CVSS score: 8.8/10. Published 2017-01-11.
How severe is CVE-2017-2935?: High severity. CVSS v3 base score is 8.8 out of 10.