CVE-2015-3118
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player's textfield.filters handling allows arbitrary code execution via crafted SWF.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player when setting the TextFilter.filters array with a custom object. This affects Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X, before 11.2.202.481 on Linux, and Adobe AIR before 18.0.0.180 [1][2]. The bug occurs in the ActionScript 2 (AS2) code path when the filters property is assigned an object that overrides length, leading to a dangling pointer [2].
Exploitation
An attacker can exploit this by crafting a malicious SWF file that sets textfield.filters to a custom object. During the internal iteration over the filters array, the attacker's AS2 code can free the underlying object, causing a use-after-free when the Flash Player subsequently accesses the freed memory [2]. No authentication or special network position is required; the victim only needs to load the SWF in a vulnerable Flash Player instance.
Impact
Successful exploitation allows arbitrary code execution in the context of the user running the Flash Player. This can lead to full system compromise, including data theft, installation of malware, or further privilege escalation [1][3].
Mitigation
Adobe released fixed versions: Flash Player 18.0.0.203 (Windows/Mac), 11.2.202.481 (Linux), and AIR 18.0.0.180 on July 8, 2015 [1]. Users should update immediately. Red Hat and Gentoo have also issued advisories [1][3]. No workaround is available; updating is the only mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
29cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.144
- (no CPE)range: <18.0.0.180
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=18.0.0.144
- (no CPE)range: <18.0.0.180
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=18.0.0.144
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.289
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
- (no CPE)range: <13.0.0.302, >=14.0 <18.0.0.203
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.481-93.1+ 1 more
- (no CPE)range: < 11.2.202.481-93.1
- (no CPE)range: < 11.2.202.481-93.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-16.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1214.htmlnvd
- www.securityfocus.com/bid/75590nvd
- www.securitytracker.com/id/1032810nvd
- security.gentoo.org/glsa/201507-13nvd
- www.exploit-db.com/exploits/37848/nvd
News mentions
0No linked articles in our index yet.