CVE-2016-1016

Published: 09 April 2016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
adobe-flashplugin
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:20160407.1-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:20160407.1-0ubuntu0.14.04.1])
flashplugin-nonfree
Launchpad, Ubuntu, Debian
Upstream
Released (11.2.202.616)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (11.2.202.616ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [11.2.202.616ubuntu0.14.04.1])