CVE-2015-8438

Publication date 10 December 2015

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted XML object that is mishandled during a toString call, a different vulnerability than CVE-2015-8446.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
adobe-flashplugin	15.10 wily	Fixed 1:20151208.1-0ubuntu0.15.10.1
	15.04 vivid	Fixed 1:20151208.1-0ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 1:20151208.1-0ubuntu0.14.04.1
	12.04 LTS precise	Fixed 1:20151208.1-0ubuntu0.12.04.1
flashplugin-nonfree	15.10 wily	Fixed 11.2.202.554ubuntu0.15.10.1
	15.04 vivid	Fixed 11.2.202.554ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 11.2.202.554ubuntu0.14.04.1
	12.04 LTS precise	Fixed 11.2.202.554ubuntu0.12.04.1

CVE-2015-8438

Status

References

Other references