Vulnerability CVE-2017-3001: Information
Description
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
adobe-flash-player-ppapi | p9 | 25-alt1.S1 | 32-alt118 | ALT-PU-2017-1308-1 | 180549 | Fixed |
adobe-flash-player-ppapi | p8 | 25-alt1.M80P.1 | 32-alt118 | ALT-PU-2017-1315-1 | 180550 | Fixed |
adobe-flash-player-ppapi | c9f2 | 25-alt1.S1 | 32-alt115 | ALT-PU-2017-1308-1 | 180549 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html |
|
96861 |
|
GLSA-201703-02 |
|
1037994 |
|
RHSA-2017:0526 |
|