CVE-2015-8426
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player's TextField.maxChars setter allows arbitrary code execution via crafted SWF.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player in the TextField.maxChars setter. When the maxChars property is set to an object with a valueOf function, the valueOf can free the field's parent object, which is later used. This affects Flash Player before 18.0.0.268, 19.x and 20.x before 20.0.0.228 on Windows and OS X, before 11.2.202.554 on Linux, as well as Adobe AIR before 20.0.0.204 and related SDKs [1][2].
Exploitation
An attacker can exploit this by crafting a malicious SWF file that, when opened by a victim, triggers the use-after-free. The exploit requires user interaction (clicking or loading the SWF) and no special privileges. The valueOf method in the object set to maxChars can remove the parent movie clip, leading to a dangling pointer that is subsequently used [2].
Impact
Successful exploitation allows arbitrary code execution in the context of the user running Flash Player. This can lead to full system compromise, including data theft, installation of malware, or other malicious activities [1][2].
Mitigation
Adobe has released fixed versions: Flash Player 20.0.0.228 (and earlier branches), AIR 20.0.0.204, and corresponding SDKs. Linux users should upgrade to Flash Player 11.2.202.559 or later [1]. No workaround is available; users must update to the patched versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
18cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.241
- (no CPE)range: < 20.0.0.204
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=19.0.0.241
- (no CPE)range: < 20.0.0.204
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=19.0.0.241
- (no CPE)range: < 20.0.0.204
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.548
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
- Range: < 18.0.0.268 (Windows/OS X), < 20.0.0.228 (19.x/20.x), < 11.2.202.554 (Linux)
- osv-coords6 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 11.2.202.554-0.29.1+ 5 more
- (no CPE)range: < 11.2.202.554-0.29.1
- (no CPE)range: < 11.2.202.554-0.29.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
- (no CPE)range: < 11.2.202.554-114.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- helpx.adobe.com/security/products/flash-player/apsb15-32.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.htmlnvd
- www.securityfocus.com/bid/78715nvd
- www.securitytracker.com/id/1034318nvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201601-03nvd
- www.exploit-db.com/exploits/39650/nvd
News mentions
0No linked articles in our index yet.