CVE-2015-5581
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free vulnerability in Adobe Flash Player enables arbitrary code execution via unspecified vectors.
Vulnerability
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X, before 11.2.202.521 on Linux, also affecting Adobe AIR before 19.0.0.190, AIR SDK, and AIR SDK & Compiler. The vulnerability is triggered via unspecified vectors [1].
Exploitation
An attacker can exploit this by delivering a crafted SWF file to a user, likely through a malicious website or email. No authentication is required; user interaction is needed (e.g., visiting a compromised site). The exact exploitation steps are not publicly disclosed, but the vulnerability is known to allow code execution.
Impact
Successful exploitation allows arbitrary code execution in the context of the affected user. This can lead to full system compromise, including data theft, malware installation, or further lateral movement. The CVSS score is 9.3 (Critical) indicating high impact on confidentiality, integrity, and availability.
Mitigation
Adobe released fixed versions: Flash Player 18.0.0.241 and 19.0.0.185 on Windows/OS X, 11.2.202.521 on Linux; AIR 19.0.0.190. Users should update immediately. Gentoo recommends upgrading to >=www-plugins/adobe-flash-11.2.202.521 [2]. No workaround is known [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
36cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.143
- (no CPE)range: <19.0.0.190
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=18.0.0.180
- (no CPE)range: <19.0.0.190
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.508
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*
- (no CPE)range: <18.0.0.241 on Windows/OS X, <19.0.0.185 on Windows/OS X, <11.2.202.521 on Linux
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.521-0.17.1+ 3 more
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-102.1
- (no CPE)range: < 11.2.202.521-102.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- helpx.adobe.com/security/products/flash-player/apsb15-23.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1814.htmlnvd
- www.securityfocus.com/bid/76795nvd
- www.securitytracker.com/id/1033629nvd
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201509-07nvd
News mentions
0No linked articles in our index yet.