CVE-2017-2990

Publication date 15 February 2017

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Status

Package Ubuntu Release Status
adobe-flashplugin 16.10 yakkety
Fixed 1:20170214.1-0ubuntu0.16.10.1
16.04 LTS xenial
Fixed 1:20170214.1-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 1:20170214.1-0ubuntu0.14.04.1
12.04 LTS precise
Fixed 1:20170214.1-0ubuntu0.12.04.1
flashplugin-nonfree 16.10 yakkety
Fixed 24.0.0.221ubuntu0.16.10.1
16.04 LTS xenial
Fixed 24.0.0.221ubuntu0.16.04.1
14.04 LTS trusty
Fixed 24.0.0.221ubuntu0.14.04.1
12.04 LTS precise
Fixed 24.0.0.221ubuntu0.12.04.1

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.8 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities