High severity8.8NVD Advisory· Published Dec 28, 2015· Updated May 6, 2026

CVE-2015-8634

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Range: <=20.0.0.204
Adobe Inc./Air Sdk
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Range: <=20.0.0.204
Adobe Inc./Air Sdk \& Compiler
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Range: <=20.0.0.204
Adobe Inc./Flash Player7 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=18.0.0.268
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.038
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000