VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 9, 2015· Updated May 6, 2026

CVE-2015-4431

CVE-2015-4431

Description

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-3134.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Adobe Flash Player and AIR allows remote code execution or denial of service via unspecified vectors.

Vulnerability

Adobe Flash Player before 13.0.0.302, 14.x through 18.x before 18.0.0.203 on Windows and OS X, and before 11.2.202.481 on Linux, as well as Adobe AIR before 18.0.0.180 (including AIR SDK and AIR SDK & Compiler), are affected by a memory corruption vulnerability via unspecified vectors [1][2].

Exploitation

An attacker can exploit this vulnerability by delivering a crafted SWF file or via other unspecified vectors, likely requiring user interaction such as visiting a malicious website or opening a malicious file. No further details on exploitation are provided in the available references [1][2].

Impact

Successful exploitation allows an attacker to execute arbitrary code or cause a denial of service at the privilege level of the user running the vulnerable software [1][2].

Mitigation

Adobe has released updates: Flash Player 13.0.0.302 and 18.0.0.203 for Windows/OS X, 11.2.202.481 for Linux, and AIR 18.0.0.180. Users should upgrade to these versions immediately. No workaround is available [1][2].

References
  1. http://rhn.redhat.com/errata/RHSA-2015-1214.html
  2. Multiple vulnerabilities (GLSA 201507-13) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

30
  • Adobe Inc./Air2 versions
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.144
    • (no CPE)range: before 18.0.0.180
  • Adobe Inc./Air Sdk2 versions
    cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=18.0.0.144
    • (no CPE)range: before 18.0.0.180
  • Adobe Inc./Air Sdk \& Compiler2 versions
    cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=18.0.0.144
    • (no CPE)range: before 18.0.0.180
  • Adobe Inc./Flashplayer21 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.468
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
  • GNU/Flash Playerllm-fuzzy
    Range: before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.481-93.1+ 1 more
    • (no CPE)range: < 11.2.202.481-93.1
    • (no CPE)range: < 11.2.202.481-93.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.