VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0325

CVE-2015-0325

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.269 and 16.0.0.305 on Windows/OS X, or 11.2.202.442 on Linux, is vulnerable to a NULL pointer dereference via unknown vectors, causing denial of service.

Vulnerability

Adobe Flash Player versions prior to 13.0.0.269 and versions 14.x through 16.x before 16.0.0.305 on Windows and OS X, as well as versions before 11.2.202.442 on Linux, contain a NULL pointer dereference vulnerability. The issue is triggered via unknown vectors and is distinct from CVE-2015-0326 and CVE-2015-0328 [2][3].

Exploitation

An attacker can exploit this vulnerability by delivering a crafted SWF file through a web page or other vector. No authentication is required; the attack can be performed remotely over a network. The exact sequence of steps is not publicly detailed, but the vulnerability can be triggered by convincing a user to visit a malicious site [1][2][3].

Impact

Successful exploitation leads to a denial of service due to a NULL pointer dereference. The official description also notes the possibility of unspecified other impact, though the primary outcome is application crash or termination [2][3].

Mitigation

Adobe released fixed versions: 13.0.0.269 or later, 16.0.0.305 or later (Windows/OS X), and 11.2.202.442 or later (Linux). Red Hat, Gentoo, and Microsoft have released corresponding updates [1][2][3]. Users should update their Flash Player installation immediately.

References
  1. Microsoft Security Advisory 2755801
  2. http://rhn.redhat.com/errata/RHSA-2015-0140.html
  3. Multiple vulnerabilities (GLSA 201502-02) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18
  • Adobe Inc./Flashplayer15 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <13.0.0.269 (Windows/OS X), <11.2.202.442 (Linux), 14.x-16.x <16.0.0.305 (Windows/OS X)
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.442-67.1+ 1 more
    • (no CPE)range: < 11.2.202.442-67.1
    • (no CPE)range: < 11.2.202.442-67.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.