CVE-2015-0338
Description
Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Adobe Flash Player before 13.0.0.277/17.0.0.134 (Windows/OS X) and 11.2.202.451 (Linux) allows arbitrary code execution.
Vulnerability
An integer overflow vulnerability exists in Adobe Flash Player versions before 13.0.0.277, 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux [1][2]. The flaw resides in how Flash Player handles certain malformed SWF files, leading to a memory corruption condition that can be triggered without authentication [2].
Exploitation
An attacker can exploit this vulnerability by convincing a victim to visit a crafted web page or open a malicious SWF file [2]. No special network position or user privileges are required beyond the ability to deliver the crafted content to the victim's browser or Flash-enabled application. The attacker does not need to authenticate to trigger the overflow [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the Flash Player process [1][2]. This can lead to full compromise of the affected system, including data theft, installation of malware, or further propagation within the victim's network [2].
Mitigation
Adobe released fixed versions: Flash Player 17.0.0.134 (Windows/OS X), 13.0.0.277 (Windows/OS X), and 11.2.202.451 (Linux) [1][2]. Users should update to these or later versions. No workarounds are known [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.442
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-05.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0697.htmlnvd
- www.securitytracker.com/id/1031922nvd
- security.gentoo.org/glsa/201503-09nvd
News mentions
0No linked articles in our index yet.