High severity7.8CISA KEVNVD Advisory· Published Dec 10, 2014· Updated Apr 21, 2026

CVE-2014-9163

Description

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.

Affected products

Adobe Inc./Flash Player
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=13.0,<13.0.0.259

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-27.htmlnvdVendor Advisory
github.com/cisagov/vulnrichment/issues/196nvdIssue Tracking
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.003
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000