VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0322

CVE-2015-0322

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux [1][2][3]. The flaw can be triggered via unspecified vectors, likely through a crafted SWF file [1].

Exploitation

An attacker can exploit this vulnerability by hosting a specially crafted SWF file on a website or injecting it into a web page. The victim must visit the malicious page or open the file, with no additional authentication required. Successful exploitation does not require user interaction beyond normal browsing [1][2][3].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the affected Flash Player process. This could lead to full system compromise, including data theft, installation of malware, or further escalation of privileges [1][2][3].

Mitigation

Adobe released fixed versions: Flash Player 13.0.0.269 and 16.0.0.305 for Windows/OS X, and 11.2.202.442 for Linux [1][2][3]. Microsoft provided updates for Internet Explorer and Edge via security advisory 2755801 [1]. Red Hat issued RHSA-2015-0140 for affected Linux distributions [2]. Gentoo released GLSA 201502-02 [3]. Users should update promptly.

References
  1. Microsoft Security Advisory 2755801
  2. http://rhn.redhat.com/errata/RHSA-2015-0140.html
  3. Multiple vulnerabilities (GLSA 201502-02) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18
  • Adobe Inc./Flashplayer15 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <13.0.0.269, >=14.0.0.0 <16.0.0.305 (Windows/OS X), <11.2.202.442 (Linux)
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.442-67.1+ 1 more
    • (no CPE)range: < 11.2.202.442-67.1
    • (no CPE)range: < 11.2.202.442-67.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.