Vulnerability CVE-2017-2998: Information
Description
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
adobe-flash-player-ppapi | p9 | 25-alt1.S1 | 32-alt118 | ALT-PU-2017-1308-1 | 180549 | Fixed |
adobe-flash-player-ppapi | p8 | 25-alt1.M80P.1 | 32-alt118 | ALT-PU-2017-1315-1 | 180550 | Fixed |
adobe-flash-player-ppapi | c9f2 | 25-alt1.S1 | 32-alt115 | ALT-PU-2017-1308-1 | 180549 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html |
|
96866 |
|
GLSA-201703-02 |
|
1037994 |
|
RHSA-2017:0526 |
|