High severity8.8NVD Advisory· Published Mar 12, 2016· Updated Jun 17, 2026
CVE-2016-0994
CVE-2016-0994
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=20.0.0.233
- (no CPE)range: <21.0.0.176
- cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*Range: <=20.0.0.260
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=20.0.0.260
- (no CPE)range: <21.0.0.176
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=20.0.0.260
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.569
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=20.0.0.306
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=20.0.0.306
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=20.0.0.306
- (no CPE)range: <18.0.0.333 (Windows/OS X) and >19.x <21.0.0.182, and <11.2.202.577 (Linux)
- cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*Range: <=20.2.2.306
- cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
- osv-coords5 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1
< 11.2.202.577-0.38.1+ 4 more
- (no CPE)range: < 11.2.202.577-0.38.1
- (no CPE)range: < 11.2.202.577-123.1
- (no CPE)range: < 11.2.202.577-123.1
- (no CPE)range: < 11.2.202.577-123.1
- (no CPE)range: < 11.2.202.577-123.1
Patches
Vulnerability mechanics
References
9- helpx.adobe.com/security/products/flash-player/apsb16-08.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.htmlnvdBroken LinkMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.htmlnvdBroken LinkMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.htmlnvdBroken LinkMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.htmlnvdBroken LinkMailing ListThird Party Advisory
- www.securityfocus.com/bid/84312nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035251nvdBroken LinkThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-16-194/nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201603-07nvdThird Party Advisory
News mentions
0No linked articles in our index yet.