Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Feb 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 00:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-07-30T01:46:44.229Z

Reserved: 2015-06-26T00:00:00.000Z

Link: CVE-2015-5119

cve-icon Vulnrichment

Updated: 2024-08-06T06:32:32.898Z

cve-icon NVD

Status : Deferred

Published: 2015-07-08T14:59:05.677

Modified: 2025-04-21T15:09:01.347

Link: CVE-2015-5119

cve-icon Redhat

Severity : Critical

Publid Date: 2015-07-07T00:00:00Z

Links: CVE-2015-5119 - Bugzilla

cve-icon OpenCVE Enrichment

No data.