CVE-2015-8438

2015-12-1000:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x
and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on
Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and
Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute
arbitrary code via a crafted XML object that is mishandled during a
toString call, a different vulnerability than CVE-2015-8446.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchadobe-flashplugin< 1:20151208.1-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchadobe-flashplugin< 1:20151208.1-0ubuntu0.14.04.1UNKNOWN
ubuntu15.04noarchadobe-flashplugin< 1:20151208.1-0ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchadobe-flashplugin< 1:20151208.1-0ubuntu0.15.10.1UNKNOWN
ubuntu12.04noarchflashplugin-nonfree< 11.2.202.554ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchflashplugin-nonfree< 11.2.202.554ubuntu0.14.04.1UNKNOWN
ubuntu15.04noarchflashplugin-nonfree< 11.2.202.554ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchflashplugin-nonfree< 11.2.202.554ubuntu0.15.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	adobe-flashplugin	< 1:20151208.1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	adobe-flashplugin	< 1:20151208.1-0ubuntu0.14.04.1	UNKNOWN
ubuntu	15.04	noarch	adobe-flashplugin	< 1:20151208.1-0ubuntu0.15.04.1	UNKNOWN
ubuntu	15.10	noarch	adobe-flashplugin	< 1:20151208.1-0ubuntu0.15.10.1	UNKNOWN
ubuntu	12.04	noarch	flashplugin-nonfree	< 11.2.202.554ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	flashplugin-nonfree	< 11.2.202.554ubuntu0.14.04.1	UNKNOWN
ubuntu	15.04	noarch	flashplugin-nonfree	< 11.2.202.554ubuntu0.15.04.1	UNKNOWN
ubuntu	15.10	noarch	flashplugin-nonfree	< 11.2.202.554ubuntu0.15.10.1	UNKNOWN