CVE-2015-0335
Description
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player memory corruption vulnerability allows arbitrary code execution or denial of service via crafted SWF content.
Vulnerability
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux, contains a memory corruption vulnerability via unspecified vectors [1][2]. This can be triggered by processing crafted SWF content.
Exploitation
An attacker could exploit this by convincing a user to visit a malicious webpage or open a crafted Flash file. No special authentication is required; the attack is remote and user interaction is needed (e.g., clicking a link). The vulnerability is triggered via unspecified vectors.
Impact
Successful exploitation allows arbitrary code execution in the context of the user running Flash, or denial of service (memory corruption) [1][2]. This could lead to full system compromise, depending on user privileges.
Mitigation
Update to Adobe Flash Player 13.0.0.277, 17.0.0.134 (Windows/OS X), or 11.2.202.451 (Linux) which contain the fix [1]. Red Hat and Gentoo released advisories in March 2015 [1][2]. No workaround is known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: <17.0.0.134 (Windows/OS X) and <11.2.202.451 (Linux)
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-05.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0697.htmlnvd
- www.securitytracker.com/id/1031922nvd
- security.gentoo.org/glsa/201503-09nvd
News mentions
0No linked articles in our index yet.