CVE-2015-0342
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free vulnerability in Adobe Flash Player before 17.0.0.134 (Windows/OS X) and before 11.2.202.451 (Linux) allows arbitrary code execution via unspecified vectors.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player versions before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux [1][2]. The flaw allows attackers to leverage unspecified vectors to corrupt memory, leading to arbitrary code execution. The root cause is a use-after-free condition, distinct from CVE-2015-0341 [description].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash (SWF) file, typically through a malicious web page or email attachment. No authentication or special network position is required beyond delivering the crafted content to the target. The unspecified vectors may involve heap manipulation or other memory-corruption techniques, but the exact steps are not publicly detailed.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected Flash Player process. This can lead to full compromise of the user's system, including data theft, installation of malware, or further lateral movement within a network. The impact is rated as critical, with a CVSS score reflecting high severity [description].
Mitigation
Upgrade to a fixed version: 13.0.0.277 or 17.0.0.134 for Windows/OS X, and 11.2.202.451 for Linux [1][2]. Red Hat and Gentoo advisories confirm these updates as of March 2015 [1][2]. No workaround is known; upgrading is the only reliable mitigation [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=11.2.202.442)
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- Range: <=13.0.0.277, 14.x-17.x <17.0.0.134, <=11.2.202.451
- osv-coords (2 versions): pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012, pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
- (no CPE) range: < 11.2.202.451-77.1
- (no CPE) range: < 11.2.202.451-77.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- helpx.adobe.com/security/products/flash-player/apsb15-05.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0697.html (nvd)
- www.securitytracker.com/id/1031922 (nvd)
- security.gentoo.org/glsa/201503-09 (nvd)
News mentions
No linked articles in our index yet.