CVE-2015-6678
Description
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Adobe Flash Player and AIR allows arbitrary code execution via crafted DefineText tag.
Vulnerability
A buffer overflow exists in Adobe Flash Player's handling of a specially crafted DefineText tag. The flaw occurs when a crafted DefineFont2 tag overflows a buffer of size TotalNumberOfGlyph * 2 bytes. Affected versions include Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X, before 11.2.202.521 on Linux, as well as Adobe AIR before 19.0.0.190 and AIR SDK before 19.0.0.190 [1][2].
Exploitation
An attacker can exploit this vulnerability by persuading a user to visit a malicious web page or open a malicious file that contains a crafted DefineText tag. User interaction is required. The specific flaw is triggered during the parsing of the DefineText tag, where a crafted DefineFont2 tag causes a buffer overflow [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current user process, potentially leading to full system compromise. The vulnerability could also result in denial of service, information disclosure, or security bypass [1][2][3].
Mitigation
Adobe released security updates for Flash Player (version 18.0.0.241/19.0.0.185 on Windows and OS X, 11.2.202.521 on Linux) and AIR (version 19.0.0.190). Red Hat issued RHSA-2015:1814 to address the issue. Users should upgrade to the latest versions as soon as possible. No workarounds are available [1][2][3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
35cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.199
- (no CPE)range: <19.0.0.190
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=18.0.0.180
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.289
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*
- Range: <18.0.0.241, 19.x<19.0.0.185 (Windows/OS X) or <11.2.202.521 (Linux)
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.521-0.17.1+ 3 more
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-102.1
- (no CPE)range: < 11.2.202.521-102.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- helpx.adobe.com/security/products/flash-player/apsb15-23.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1814.htmlnvd
- www.securityfocus.com/bid/76801nvd
- www.securitytracker.com/id/1033629nvd
- www.zerodayinitiative.com/advisories/ZDI-15-446nvd
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201509-07nvd
News mentions
0No linked articles in our index yet.