CVE-2014-0502

Publication date 21 February 2014

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Status

Package Ubuntu Release Status
adobe-flashplugin 13.10 saucy
Fixed 11.2.202.341-0saucy1
12.10 quantal
Fixed 11.2.202.341-0quantal1
12.04 LTS precise
Fixed 11.2.202.341-0precise1
10.04 LTS lucid Ignored end of life
flashplugin-nonfree 13.10 saucy
Fixed 11.2.202.341ubuntu0.13.10.1
12.10 quantal
Fixed 11.2.202.341ubuntu0.12.10.1
12.04 LTS precise
Fixed 11.2.202.341ubuntu0.12.04.1
10.04 LTS lucid Ignored end of life

Severity score breakdown

Parameter Value
Base score 8.8 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Other references

Access our resources on patching vulnerabilities