Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0326

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.269/16.0.0.305 on Windows/OS X and before 11.2.202.442 on Linux is vulnerable to a denial of service via NULL pointer dereference.

Vulnerability

Adobe Flash Player versions prior to 13.0.0.269 on Windows and OS X, 14.x through 16.x prior to 16.0.0.305 on Windows and OS X, and versions prior to 11.2.202.442 on Linux are affected by a NULL pointer dereference vulnerability [1]. The vulnerability is triggered via unknown vectors, and it is distinct from CVE-2015-0325 and CVE-2015-0328.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious SWF file or webpage that causes a NULL pointer dereference in Flash Player. The attack requires no authentication and can be delivered remotely via web pages or email attachments. The specific details of the exploit vectors have not been disclosed by the vendor.

Impact

Successful exploitation leads to a denial of service condition, causing the affected Flash Player instance to crash. The description also notes the possibility of unspecified other impacts, but no additional details are provided. The crash affects the browser or application hosting the Flash Player.

Mitigation

Adobe released updates to address this vulnerability: Flash Player 13.0.0.269, 16.0.0.305, and 11.2.202.442 for the respective platforms [2][3]. Users should upgrade to these or later versions. For Windows and OS X, updates are available from Adobe; for Linux, users should obtain version 11.2.202.442 from their distribution. No workaround is available.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer15 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
GNU/Flash Playerllm-fuzzy
Range: <13.0.0.269 and >=14.0.0.0 <16.0.0.305 on Windows/OS X; <11.2.202.442 on Linux
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000