Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0316

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Adobe Flash Player before fixed versions allows remote code execution via unspecified vectors.

Vulnerability

Adobe Flash Player before version 13.0.0.269 and versions 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before version 11.2.202.442 on Linux, contains a memory corruption vulnerability [1][2][3]. The issue is reachable through unspecified vectors, likely crafted SWF content, and does not require special configuration beyond having the affected Flash Player version installed.

Exploitation

An attacker can exploit this vulnerability by delivering a malicious SWF file to a victim, typically via a compromised website or an email link. No special network position or authentication is required, as the vulnerable Flash Player processes the crafted content automatically. The exact exploitation mechanism is not disclosed but leverages the memory corruption to redirect execution flow [1][2][3].

Impact

Successful exploitation allows code execution with the privileges of the user running the Flash Player, or cause a denial of service. This can lead to full system compromise, including the ability to install programs, view, change, or delete data, and create new accounts [1][2][3].

Mitigation

Adobe released fixes: version 13.0.0.269/16.0.0.305 for Windows and OS X, and version 11.2.202.442 for Linux [1][2][3]. Microsoft and Red Hat also released corresponding updates for their platforms. Users should apply the updates immediately via official channels. No workarounds are available; the only mitigation is upgrading to a patched version [1][2][3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer16 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- (no CPE)range: <13.0.0.269, >=14.0 <16.0.0.305 (Windows/OS X), <11.2.202.442 (Linux)
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000