Unrated severityNVD Advisory· Published May 14, 2014· Updated May 6, 2026

CVE-2014-0519

Description

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR SDK fail to enforce access restrictions, allowing attackers to bypass security controls via unspecified vectors.

Vulnerability

Adobe Flash Player versions before 13.0.0.214 on Windows and OS X, and before 11.2.202.359 on Linux, as well as Adobe AIR SDK before 13.0.0.111, contain an unspecified vulnerability that allows attackers to bypass intended access restrictions [1][2]. The exact code path is not disclosed, but the flaw affects the core security model of the Flash runtime.

Exploitation

An attacker can exploit this vulnerability by delivering a crafted SWF file or other Flash content to a victim. No authentication is required; the attack can be performed remotely via a web page or email. The exploitation does not require user interaction beyond normal browsing or opening the content [1][2].

Impact

Successful exploitation allows the attacker to bypass security restrictions, potentially leading to unauthorized actions such as reading local files, accessing cross-origin data, or executing arbitrary code with the privileges of the affected Flash Player process [2]. The exact impact depends on the specific bypass achieved.

Mitigation

Adobe released fixed versions: Flash Player 13.0.0.214 (Windows/OS X) and 11.2.202.359 (Linux), and AIR SDK 13.0.0.111 [1]. Users should update to these versions or later. Red Hat and Gentoo have issued advisories urging updates [1][2]. No workaround is available; upgrading is the only mitigation.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
Range: <13.0.0.111
Adobe Inc./Flashplayer
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=13.0,<13.0.0.214
GNU/Flash Playerllm-fuzzy
Range: before 13.0.0.214 on Windows/OS X and before 11.2.202.359 on Linux
Adobe Inc./Air Sdkllm-fuzzy
Range: <13.0.0.111
Adobe Inc./Air Sdk \& Compilerllm-fuzzy
Range: <13.0.0.111

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-14.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2014-05/msg00051.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0496.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201406-08.xmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000