CVE-2015-8438
Published: 10 December 2015
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted XML object that is mishandled during a toString call, a different vulnerability than CVE-2015-8446.
Priority
Status
Package | Release | Status |
---|---|---|
adobe-flashplugin Launchpad, Ubuntu, Debian |
precise |
Released
(1:20151208.1-0ubuntu0.12.04.1)
|
trusty |
Released
(1:20151208.1-0ubuntu0.14.04.1)
|
|
upstream |
Released
(11.2.202.554)
|
|
vivid |
Released
(1:20151208.1-0ubuntu0.15.04.1)
|
|
wily |
Released
(1:20151208.1-0ubuntu0.15.10.1)
|
|
flashplugin-nonfree Launchpad, Ubuntu, Debian |
precise |
Released
(11.2.202.554ubuntu0.12.04.1)
|
trusty |
Released
(11.2.202.554ubuntu0.14.04.1)
|
|
upstream |
Released
(11.2.202.554)
|
|
vivid |
Released
(11.2.202.554ubuntu0.15.04.1)
|
|
wily |
Released
(11.2.202.554ubuntu0.15.10.1)
|