What is CVE-2017-3079?

CVE-2017-3079 is a critical-severity vulnerability in Adobe Flash_player, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-06-20.

How severe is CVE-2017-3079?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Adobe Flash_player

CVE-2017-3079

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.

Vulnerability class: Buffer Overflow

EPSS: 0.028 (86.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Adobe Flash_player
Apple Mac_os_x
Google Chrome_os
Linux Linux_kernel
Microsoft Windows
Microsoft Windows_10
Microsoft Windows_8.1
N/a Adobe Flash Player 25.0.0.171 And Earlier. — versions Adobe Flash Player 25.0.0.171 and earlier.

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@adobe.com (vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (x_refsource_REDHAT, vendor-advisory)
psirt@adobe.com (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2017-3079?: CVE-2017-3079 is a critical-severity vulnerability in Adobe Flash_player, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-06-20.
How severe is CVE-2017-3079?: Critical severity. CVSS v3 base score is 9.8 out of 10.