CVE-2015-8643
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player versions before 18.0.0.324 and 19.x through 20.x before 20.0.0.267 on Windows and OS X, and before 11.2.202.559 on Linux. It also affects Adobe AIR before 20.0.0.233, AIR SDK before 20.0.0.233, and AIR SDK & Compiler before 20.0.0.233. The flaw is triggered via unspecified vectors [1][2].
Exploitation
An attacker could exploit this vulnerability by enticing a user to open a specially crafted Flash file. This can be achieved through a malicious web page or email. No authentication is required, and user interaction is necessary [1].
Impact
Successful exploitation allows arbitrary code execution in the context of the affected user, potentially leading to full system compromise [2].
Mitigation
Adobe released Flash Player 18.0.0.324, 20.0.0.267, and 11.2.202.559, as well as AIR 20.0.0.233, to address this issue. Red Hat and Gentoo have also issued updates [1][2]. Users should update immediately; no workaround is available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=20.0.0.204
- (no CPE)range: <20.0.0.233
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=20.0.0.204
- (no CPE)range: <20.0.0.233
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=20.0.0.204
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=18.0.0.268
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*
- (no CPE)range: <18.0.0.324, 19.x-20.x <20.0.0.267 (Windows/OS X), <11.2.202.559 (Linux)
- osv-coords6 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 11.2.202.559-0.32.1+ 5 more
- (no CPE)range: < 11.2.202.559-0.32.1
- (no CPE)range: < 11.2.202.559-0.32.1
- (no CPE)range: < 11.2.202.559-117.1
- (no CPE)range: < 11.2.202.559-117.1
- (no CPE)range: < 11.2.202.559-117.1
- (no CPE)range: < 11.2.202.559-117.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- helpx.adobe.com/security/products/flash-player/apsb16-01.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2697.htmlnvd
- www.securityfocus.com/bid/79701nvd
- www.securitytracker.com/id/1034544nvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201601-03nvd
News mentions
0No linked articles in our index yet.