Critical severity9.8CISA KEVNVD Advisory· Published Feb 5, 2014· Updated Apr 21, 2026

CVE-2014-0497

Description

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Affected products

Adobe Inc./Flash Player
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: <11.2.202.336
Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <32.0.1700.107
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-04.htmlnvdBroken LinkPatchVendor Advisory
rhn.redhat.com/errata/RHSA-2014-0137.htmlnvdThird Party Advisory
secunia.com/advisories/56437nvdBroken LinkThird Party Advisory
secunia.com/advisories/56737nvdBroken LinkThird Party Advisory
secunia.com/advisories/56780nvdBroken LinkThird Party Advisory
secunia.com/advisories/56799nvdBroken LinkThird Party Advisory
secunia.com/advisories/56839nvdBroken LinkThird Party Advisory
www.exploit-db.com/exploits/33212nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/65327nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1029715nvdBroken LinkThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/90884nvdThird Party AdvisoryVDB Entry
googlechromereleases.blogspot.com/2014/02/stable-channel-update.htmlnvdRelease Notes
lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.htmlnvdMailing List
www.osvdb.org/102849nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000