Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0314

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before specified versions allows remote code execution or denial of service via memory corruption.

Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player before 13.0.0.269, 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux. The flaw can be triggered by unspecified vectors, typically via crafted SWF content. This CVE is distinct from several other similarly patched vulnerabilities [1][2][3].

Exploitation

An attacker would need to deliver malicious SWF content to a victim, often through a web page or email attachment. No authentication is required; the user interaction is limited to opening the content in a browser or application that loads Flash. The exact sequence of operations to trigger memory corruption is not detailed in public references, but the vulnerability is remotely exploitable [1][3].

Impact

Successful exploitation could allow arbitrary code execution with the privileges of the user running Flash Player, leading to full system compromise. Alternatively, the memory corruption may cause a denial of service (application crash). The attacker gains the ability to execute commands, install programs, or view/alter data [1][2][3].

Mitigation

Adobe released fixed versions: 13.0.0.269 (or later) and 16.0.0.305 (or later) on Windows/OS X, and 11.2.202.442 on Linux. Microsoft provided an update for Flash in Internet Explorer and Edge via MS15-031 [1]. Red Hat [2] and Gentoo [3] also issued advisories. Users should apply the latest Flash Player update immediately. No workaround is available [3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer16 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- (no CPE)range: < 13.0.0.269 (Windows/OS X), 14.x-16.x < 16.0.0.305 (Windows/OS X), < 11.2.202.442 (Linux)
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000