CVE-2015-8055
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player before specified versions allows attackers to execute arbitrary code via a malicious SWF file.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player before versions 18.0.0.268 and 20.0.0.228 on Windows and OS X, and before 11.2.202.554 on Linux, as well as in Adobe AIR before 20.0.0.204 and related SDKs. The flaw affects the processing of specially crafted SWF files, leading to memory corruption. The exact code path requires the user to load a malicious Flash content, which can be delivered through a web page or other means.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious SWF file, typically via a web browser or an application that renders Flash content. No authentication is required, and the attacker does not need prior access to the target system. The attack can be initiated remotely by hosting the malicious content on a website or embedding it in a document.
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the affected user. This could lead to full system compromise, including potential denial of service, information disclosure, or bypass of security restrictions [1]. The vulnerability can be chained with other issues to achieve greater impact.
Mitigation
Adobe released patched versions: Flash Player 20.0.0.228 (Windows/OS X) or Flash Player 18.0.0.268 (for those on older channels), and Flash Player 11.2.202.554 (Linux). Adobe AIR was fixed in version 20.0.0.204. The Gentoo Linux advisory [1] recommends upgrading to version 11.2.202.559. No workarounds are available. Given that Flash Player is end-of-life, users should strongly consider removing the software entirely.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.241
- (no CPE)range: <20.0.0.204
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=19.0.0.241
- (no CPE)range: <20.0.0.204
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=18.0.0.261
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
- (no CPE)range: <18.0.0.268 (Windows/OS X), <20.0.0.228 (19.x/20.x Windows/OS X), <11.2.202.554 (Linux)
- osv-coords6 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 11.2.202.554-0.29.1+ 5 more
- (no CPE)range: < 11.2.202.554-0.29.1
- (no CPE)range: < 11.2.202.554-0.29.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- helpx.adobe.com/security/products/flash-player/apsb15-32.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.htmlnvd
- www.securityfocus.com/bid/78715nvd
- www.securitytracker.com/id/1034318nvd
- security.gentoo.org/glsa/201601-03nvd
News mentions
0No linked articles in our index yet.