Critical severity9.8CISA KEVNVD Advisory· Published Apr 7, 2016· Updated Apr 21, 2026

CVE-2016-1019

Description

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.

Affected products

Adobe Inc./Air Desktop Runtime
cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*
Range: <=21.0.0.176
Adobe Inc./Air Sdk
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Range: <=21.0.0.176
Adobe Inc./Air Sdk \& Compiler
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Range: <=21.0.0.176
Adobe Inc./Flash Player5 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.577
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=21.0.0.197
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=21.0.0.197
- cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*range: <=18.0.0.333
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=21.0.0.197
Adobe Inc./Flash Player Desktop Runtime
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Range: <=21.0.0.197

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050nvdPatchThird Party AdvisoryVendor Advisory
blogs.adobe.com/psirt/nvdBroken LinkVendor Advisory
rhn.redhat.com/errata/RHSA-2016-0610.htmlnvdThird Party Advisory
www.securityfocus.com/bid/85856nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035491nvdBroken LinkThird Party AdvisoryVDB Entry
helpx.adobe.com/security/products/flash-player/apsa16-01.htmlnvdVendor Advisory
helpx.adobe.com/security/products/flash-player/apsb16-10.htmlnvdVendor Advisory
security.gentoo.org/glsa/201606-08nvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-04/msg00009.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2016-04/msg00010.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2016-04/msg00012.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2016-04/msg00055.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.htmlnvdBroken Link
github.com/cisagov/vulnrichment/issues/196nvdIssue Tracking
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.046
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060