VYPR
Unrated severity · NVD Advisory · Published May 13, 2015 · Updated May 6, 2026

CVE-2015-3080

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free in Adobe Flash Player's DisplacementMapFilter.mapBitmap property allows arbitrary code execution via crafted SWF.

Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player's handling of BitmapData objects when accessing the DisplacementMapFilter.mapBitmap property. The flaw affects Flash Player versions before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, and versions before 11.2.202.460 on Linux. Adobe AIR, AIR SDK, and AIR SDK & Compiler versions before 17.0.0.172 are also affected [1][2].

Exploitation

An attacker can trigger the use-after-free by crafting a malicious SWF file that performs the following steps: (1) create a BitmapData and store it; (2) create a second BitmapData to instantiate a DisplacementMapFilter; (3) override the BitmapData constructor to place the first BitmapData on the AS2 stack; (4) define an object with a custom valueOf method that accesses the DisplacementMapFilter.mapBitmap property; (5) call getPixel32 on the first BitmapData. During step 5, Flash caches the BitmapData reference, then enters valueOf, which accesses mapBitmap and frees the object, leading to a use-after-free when the cached reference is later dereferenced [2]. The attack requires no authentication; the victim only has to open the SWF in a browser or other Flash-enabled application.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the Flash plugin process. This can lead to full system compromise, including data theft, installation of malware, or further lateral movement within a network [1][3].

Mitigation

Adobe released fixed versions on May 12, 2015: Flash Player 13.0.0.289 and 17.0.0.188 for Windows and OS X, 11.2.202.460 for Linux; AIR 17.0.0.172. Red Hat and Gentoo advisories recommend updating to these versions [1][3]. No workaround is available; users must apply the patch.
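
The version ranges above can be checked against a software inventory. The following is an added example, not code from the advisory or from Adobe: the function names, product and platform labels, and the sample inventory are assumptions made for illustration, and the thresholds are the fixed versions stated in this advisory.

```python
# Added example: thresholds are the fixed versions stated in the advisory text.
FLASH_FIXED_ESR = (13, 0, 0, 289)      # Windows / OS X, 13.x branch
FLASH_FIXED_CURRENT = (17, 0, 0, 188)  # Windows / OS X, covers 14.x through 17.x
FLASH_FIXED_LINUX = (11, 2, 202, 460)
AIR_FIXED = (17, 0, 0, 172)            # AIR, AIR SDK, AIR SDK & Compiler

def parse_version(text):
    """Turn '17.0.0.169' into (17, 0, 0, 169); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, platform, version):
    """Return True if the install falls in a range the advisory lists as vulnerable."""
    v = parse_version(version)
    if product in ("air", "air_sdk", "air_sdk_and_compiler"):
        return v < AIR_FIXED
    if product != "flash_player":
        raise ValueError(f"product not covered by this advisory: {product!r}")
    if platform == "linux":
        return v < FLASH_FIXED_LINUX
    if platform in ("windows", "osx"):
        # Two disjoint ranges: below the 13.x fix, or 14.x-17.x below the 17.x fix.
        return v < FLASH_FIXED_ESR or (14, 0, 0, 0) <= v < FLASH_FIXED_CURRENT
    raise ValueError(f"unknown platform: {platform!r}")

def triage(inventory):
    """Map each (host, product, platform, version) row to a status string."""
    result = {}
    for host, product, platform, version in inventory:
        try:
            result[host] = "affected" if is_affected(product, platform, version) else "patched"
        except ValueError:
            result[host] = "unparsed"  # surface for manual review, never assume safe
    return result

# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    ("ws-01", "flash_player", "windows", "17.0.0.169"),
    ("ws-02", "flash_player", "windows", "13.0.0.289"),
    ("mac-01", "flash_player", "osx", "13.0.0.264"),
    ("lnx-01", "flash_player", "linux", "11.2.202.460"),
    ("dev-01", "air_sdk", "windows", "17.0.0.144"),
    ("ws-03", "flash_player", "windows", "17,0,0,134"),  # malformed on purpose
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows that fail to parse are reported separately so that an unreadable version string is never counted as patched.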

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

26
  • Adobe Inc./Air (2 versions)
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <=17.0.0.144
    • (no CPE) range: <17.0.0.172
  • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <=17.0.0.144
    • (no CPE) range: <17.0.0.172
  • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* range: <=17.0.0.144
    • (no CPE) range: <17.0.0.172
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (+ 16 more)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* range: <=13.0.0.264
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
  • GNU/Flash Player (llm-fuzzy)
    Range: <13.0.0.289, >=14.0.0.0 <17.0.0.188 (Windows/OS X), <11.2.202.460 (Linux)
  • osv-coords (2 versions)
    < 11.2.202.460-83.1 (+ 1 more)
    • (no CPE) range: < 11.2.202.460-83.1
    • (no CPE) range: < 11.2.202.460-83.1

References

9
