PT-2016-1664 · Adobe+3 · Flash Player+3

Published

2016-04-08

Updated

2023-01-30

CVE-2016-1018

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.343 Adobe Flash Player versions 19.x through 21.x prior to 21.0.0.213 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.616 on Linux

Description The issue is caused by a stack-based buffer overflow in Adobe Flash Player. This can be exploited by a remote attacker using specially crafted JPEG-XR data, allowing them to execute arbitrary code.

Recommendations For Adobe Flash Player versions prior to 18.0.0.343, update to version 18.0.0.343 or later. For Adobe Flash Player versions 19.x through 21.x, update to version 21.0.0.213 or later on Windows and OS X. For Adobe Flash Player versions prior to 11.2.202.616 on Linux, update to version 11.2.202.616 or later. As a temporary workaround, consider avoiding the use of JPEG-XR data in Adobe Flash Player until a patch is available.

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2016-1305

BDU:2016-00990

CVE-2016-1018

MGASA-2016-0134

OPENSUSE-SU-2016_1306-1

RHSA-2016:0610

RHSA-2016_0610

SUSE-SU-2016:1305-1

ZDI-16-228

Affected Products

Alt Linux

Flash Player

Red Hat

Suse

PT-2016-1664 · Adobe+3 · Flash Player+3

CVE-2016-1018

Weakness Enumeration

Related Identifiers

Affected Products

References · 69