flashplugin: multiple issues

2014-01-15T00:00:00
ID ASA-201501-8
Type archlinux
Reporter Arch Linux
Modified 2014-01-15T00:00:00

Description

  • CVE-2015-0301

Improper file validation issue.

  • CVE-2015-0302 (information disclosure)

Information disclosure vulnerability that could be exploited to capture keystrokes on the affected system.

  • CVE-2015-0303, CVE-2015-0306 (arbitrary code execution)

Memory corruption vulnerabilities that could lead to code execution.

  • CVE-2015-0304, CVE-2015-0309 (arbitrary code execution)

Heap-based buffer overflow vulnerabilities that could lead to code execution

  • CVE-2015-0305 (arbitrary code execution)

Type confusion vulnerability that could lead to code execution.

  • CVE-2015-0307 (information disclosure)

Out-of-bounds read vulnerability that could be exploited to leak memory addresses.

  • CVE-2015-0308 (arbitrary code execution)

Use-after-free vulnerability that could lead to code execution.