Versions of Adobe AIR prior to 20.0.0.260 are outdated and thus unpatched for the following vulnerabilities :
- A flaw exists in an overflow condition that is triggered as user-supplied input is not properly validated when handling input to the ‘BitmapData.drawWithQuality()’ method. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code. (CVE-2016-0964)
- A flaw exists that is triggered as user-supplied input is not properly validated when handling images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-0965)
- A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-0966)
- A flaw exists that is triggered as user-supplied input is not properly validated when handling H.264 media content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-0967)
- A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981)
- A flaw exists in an overflow condition that is triggered as the ‘URLStream’ class does not properly validate input during ATF processing. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code. (CVE-2016-0971)
- A flaw exists in a ‘use-after-free’ error that is triggered when handling ‘URLRequest’ objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0973)
- A flaw exists in a ‘use-after-free’ error that is triggered when handling input to the ‘LoadVars.decode()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0974)
- A flaw exists in a ‘use-after-free’ error in the handling of ‘instanceof’, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0975)
- A flaw exists in a ‘use-after-free’ error, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided. (CVE-2016-0982, CVE-2016-0983)
- A flaw exists in a use-after-free error that is triggered when handling the ‘Sound.loadPCMFromByteArray()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0984)
- An unspecified type confusion flaw exists that is triggered when handling ‘TextField’ objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-0985)