1. Home
  2. CVE Database
  3. CVE-2015-8446
HIGH · 9.3

CVE-2015-8446

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK ...

Vulnerability Description

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
AdobeFlash Player<= 11.2.202.548
LinuxLinux KernelAll versions
AppleMac Os XAll versions
MicrosoftWindowsAll versions
AdobeAir<= 19.0.0.241
AdobeAir Sdk<= 19.0.0.241
AdobeAir Sdk \& Compiler<= 19.0.0.241
AppleIphone OsAll versions
GoogleAndroidAll versions

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-8446?

CVE-2015-8446 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK ...

How severe is CVE-2015-8446?

CVE-2015-8446 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8446?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Mac Os X, Microsoft Windows, Adobe Air.