Critical severity 9.8 · CISA KEV · NVD Advisory · Published Jul 8, 2015 · Updated Apr 21, 2026
CVE-2015-5119
Description
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Affected products (18)
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
References (18)
- helpx.adobe.com/security/products/flash-player/apsa15-03.html (nvd: Broken Link, Patch, Vendor Advisory)
- helpx.adobe.com/security/products/flash-player/apsb15-16.html (nvd: Broken Link, Patch, Vendor Advisory)
- packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html (nvd: Exploit, Third Party Advisory, VDB Entry)
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html (nvd: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2015-1214.html (nvd: Third Party Advisory)
- www.kb.cert.org/vuls/id/561288 (nvd: Third Party Advisory, US Government Resource)
- www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf (nvd: Third Party Advisory)
- www.securityfocus.com/bid/75568 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1032809 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.us-cert.gov/ncas/alerts/TA15-195A (nvd: Third Party Advisory, US Government Resource)
- security.gentoo.org/glsa/201507-13 (nvd: Third Party Advisory)
- blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ (nvd: Broken Link)
- twitter.com/w3bd3vil/statuses/618168863708962816 (nvd: Broken Link)
- github.com/cisagov/vulnrichment/issues/196 (nvd: Issue Tracking)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (nvd: US Government Resource)