CVE-2008-4546

Publication date 14 October 2008

Last updated 24 July 2024

Description

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
adobe-flashplugin	10.04 LTS lucid	Fixed 10.1.53.64-1lucid1
	9.10 karmic	Fixed 10.1.53.64-1karmic1
	9.04 jaunty	Fixed 10.1.53.64-1jaunty1
	8.04 LTS hardy	Fixed 10.1.53.64-1
	6.06 LTS dapper	Not in release
flashplugin-nonfree	10.04 LTS lucid	Fixed 10.1.53.64ubuntu0.10.04.1
	9.10 karmic	Fixed 10.1.53.64ubuntu0.9.10.1
	9.04 jaunty	Fixed 10.1.53.64ubuntu0.9.04.1
	8.04 LTS hardy	Fixed 10.0.1.218+really9.0.277.0ubuntu1
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.adobe.com/support/security/bulletins/apsb10-14.html
https://www.cve.org/CVERecord?id=CVE-2008-4546