VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 10, 2014· Updated May 6, 2026

CVE-2014-0553

CVE-2014-0553

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free in Adobe Flash Player before 13.0.0.244 and 15.0.0.152 on desktop, 11.2.202.406 on Linux, and AIR before 15.0.0.249 allows arbitrary code execution.

Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X, before 11.2.202.406 on Linux, as well as Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, and AIR SDK and AIR SDK & Compiler before 15.0.0.249 [1]. The flaw resides in the memory management of the Flash Player renderer and can be triggered by unspecified vectors involving crafted SWF content.

Exploitation

An attacker can exploit this vulnerability by enticing a user to visit a web page or open a specially crafted SWF file [1]. No authentication or special network position is required beyond the ability to deliver the malicious content to the target user. The exact sequence of operations to trigger the use-after-free condition has not been publicly detailed, but the vulnerability is remotely exploitable without user interaction beyond loading the content.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected Flash Player process [1]. This can lead to full compromise of the user's system, including data disclosure, installation of malware, or further privilege escalation depending on the environment. The impact is rated critical due to the potential for remote code execution.

Mitigation

Adobe released fixed versions: Flash Player 13.0.0.244 (Windows and OS X), 15.0.0.152 (Windows and OS X), 11.2.202.406 (Linux); AIR 15.0.0.249 (desktop) and 15.0.0.252 (Android); AIR SDK and AIR SDK & Compiler 15.0.0.249 [1]. Users should upgrade immediately. No workaround was available at the time of disclosure, as stated in the Gentoo advisory [1]. This CVE is not listed on the CISA KEV catalog as of the publication date.

References
  1. Multiple vulnerabilities (GLSA 201409-05) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

58
  • Adobe Inc./Air6 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=14.0.0.179
    • cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0.249 (Windows/OS X), <15.0.0.252 (Android)
  • Adobe Inc./Air Sdk6 versions
    cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=14.0.0.178
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0.249
  • Adobe Inc./Flashplayer42 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 41 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.241
    • cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0.152 (Windows/OS X), <11.2.202.406 (Linux)
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Desktop
    cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.