Unrated severityNVD Advisory· Published Apr 14, 2015· Updated May 6, 2026

CVE-2015-0354

Description

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 17.0.0.169 on Windows/OS X and before 11.2.202.457 on Linux is vulnerable to memory corruption that can lead to arbitrary code execution.

Vulnerability

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X, and before 11.2.202.457 on Linux, contains a memory corruption flaw that can be triggered via unspecified vectors [1][2]. This issue is distinct from other vulnerabilities disclosed in the same security bulletin.

Exploitation

An attacker can exploit this vulnerability by enticing a user to open a specially crafted Flash (SWF) file or visit a web page that loads malicious Flash content. The attacker requires no authentication, and the user interaction is limited to normal browsing or file opening. The exploit is triggered during memory operations as the Flash Player processes the crafted content [1][2].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the user running the Flash Player, or to cause a denial of service via application crash. This can lead to complete compromise of the affected system, including data theft, malware installation, or further escalation of privileges [2].

Mitigation

Adobe released fixed versions: 17.0.0.169 for Windows and OS X, and 11.2.202.457 for Linux. Red Hat and Gentoo advisories recommend updating to these versions as soon as possible [1][2]. There is no workaround available; the only effective mitigation is to apply the update.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer17 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.451
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- (no CPE)range: before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop Supplementary2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Supplementary2 versions
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Supplementary Eus
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation Supplementary
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
SUSE S.A./Suse Linux Workstation Extension
cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.457-80.1+ 1 more
- (no CPE)range: < 11.2.202.457-80.1
- (no CPE)range: < 11.2.202.457-80.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb15-06.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0813.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.htmlnvd
www.securityfocus.com/bid/74062nvd
www.securitytracker.com/id/1032105nvd
security.gentoo.org/glsa/201504-07nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000