Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1862

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jul, 2009 | 20:00
Updated At-30 Jul, 2025 | 01:47
Rejected At-
Credits

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Adobe Inc.Adobe
Product:Acrobat and Reader, Flash Player
Added At:08 Jun, 2022
Due At:22 Jun, 2022

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Used in Ransomware

:

Unknown

CWE

:
CWE-94

Required Action:

For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2009-1862
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jul, 2009 | 20:00
Updated At:30 Jul, 2025 | 01:47
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
http://www.kb.cert.org/vuls/id/259425
third-party-advisory
x_refsource_CERT-VN
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
http://isc.sans.org/diary.html?storyid=6847
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
x_refsource_MISC
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://bugs.adobe.com/jira/browse/FP-1265
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
http://www.adobe.com/support/security/advisories/apsa09-03.html
x_refsource_CONFIRM
http://news.cnet.com/8301-27080_3-10293389-245.html
x_refsource_MISC
http://www.securityfocus.com/bid/35759
vdb-entry
x_refsource_BID
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Resource:
x_refsource_MISC
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Resource:
x_refsource_MISC
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Resource:
x_refsource_MISC
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/35759
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.kb.cert.org/vuls/id/259425
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
x_transferred
http://isc.sans.org/diary.html?storyid=6847
x_refsource_MISC
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
x_transferred
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
x_refsource_MISC
x_transferred
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://bugs.adobe.com/jira/browse/FP-1265
x_refsource_MISC
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.adobe.com/support/security/advisories/apsa09-03.html
x_refsource_CONFIRM
x_transferred
http://news.cnet.com/8301-27080_3-10293389-245.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/35759
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35759
Resource:
vdb-entry
x_refsource_BID
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-06-08
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1862
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2009-1862 added to CISA KEV2022-06-08 00:00:00
Event: CVE-2009-1862 added to CISA KEV
Date: 2022-06-08 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jul, 2009 | 20:30
Updated At:03 Apr, 2025 | 19:53

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-06-082022-06-22Adobe Acrobat and Reader, Flash Player Unspecified VulnerabilityFor Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Date Added: 2022-06-08
Due Date: 2022-06-22
Vulnerability Name: Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Required Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>acrobat>>Versions from 9.0(inclusive) to 9.1.2(inclusive)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>Versions from 9.0(inclusive) to 9.1.2(inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions from 9.0(inclusive) to 9.0.159.0(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions from 10.0(inclusive) to 10.0.22.87(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Per: http://www.kb.cert.org/vuls/id/259425 "Adobe Flash is a widely deployed multimedia platform typically used to provide content in web sites. Adobe Flash Player, Reader, Acrobat, and other Adobe products include Flash support. Adobe Flash Player contains a code execution vulnerability. An attacker may be able to trigger this vulnerability by convincing a user to open a specially crafted Flash (SWF) file. The SWF file could be hosted or embedded in a web page or contained in a Portable Document Format (PDF) file. If an attacker can take control of a website or web server, trusted sites may exploit this vulnerability. This vulnerability affects Adobe Flash versions 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions. Adobe Reader 9, Acrobat 9, and other Adobe products (including Photoshop CS3, PhotoShop Lightroom, Freehand MX, Fireworks) provide Flash support independent of Flash Player. As of 2009-07-22, Adobe Reader 9.1.2 includes Flash 9.0.155.0, which is likely vulnerable to issues addressed by Flash 9.0.159.0"

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlcve@mitre.org
Broken Link
Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265cve@mitre.org
Broken Link
http://isc.sans.org/diary.html?storyid=6847cve@mitre.org
Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlcve@mitre.org
Broken Link
http://secunia.com/advisories/36193cve@mitre.org
Broken Link
http://secunia.com/advisories/36374cve@mitre.org
Broken Link
http://secunia.com/advisories/36701cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1cve@mitre.org
Broken Link
http://support.apple.com/kb/HT3864cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT3865cve@mitre.org
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlcve@mitre.org
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlcve@mitre.org
Not Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlcve@mitre.org
Not Applicable
http://www.kb.cert.org/vuls/id/259425cve@mitre.org
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/35759cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99cve@mitre.org
Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilitycve@mitre.org
Broken Link
http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Vendor Advisory
http://bugs.adobe.com/jira/browse/FP-1265af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://isc.sans.org/diary.html?storyid=6847af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://news.cnet.com/8301-27080_3-10293389-245.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36193af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36374af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/36701af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-200908-04.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT3864af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT3865af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa09-03.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlaf854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.kb.cert.org/vuls/id/259425af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/35759af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerabilityaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36193
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36374
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36701
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3864
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3865
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/35759
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://bugs.adobe.com/jira/browse/FP-1265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=6847
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://news.cnet.com/8301-27080_3-10293389-245.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36193
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36374
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/36701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3865
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa09-03.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.kb.cert.org/vuls/id/259425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/35759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-072209-2512-99
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

4597Records found
CVE-2016-0964
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-43.25% / 97.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-0965
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-43.25% / 97.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-0971
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-50.06% / 97.74%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-0969
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.41% / 88.58%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-1033
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.19% / 86.46%
||
7 Day CHG~0.00%
Published-09 Apr, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54216
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 21:01
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Out-of-bounds Write (CWE-787)

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsincopyInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8658
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8657
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20727
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_readeracrobat_reader_dc
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20741
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-06 Aug, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Painter
CWE ID-CWE-123
Write-what-where Condition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20739
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.26%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:26
Updated-06 Dec, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsauditionmacosAuditionaudition
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20772
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 13:02
Updated-05 Dec, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder 2024 AI file parsing Stack based buffer overflow

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosmedia_encoderMedia Encodermedia_encoder
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20756
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.76% / 81.83%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 15:54
Updated-04 Dec, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge 2024 Out of Bound Write Remote Code Execution Vulnerability

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20785
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 19:18
Updated-02 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 TIFF File Parsing Memory Corruption Remote Code Execution vulnerability

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54215
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 21:01
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Out-of-bounds Write (CWE-787)

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsincopyInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54208
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54206
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20743
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20745
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.09%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:59
Updated-04 Dec, 2024 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22671: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowspremiere_promacosPremiere Propremiere_pro
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20781
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 19:18
Updated-02 Aug, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign TIF File Parsing Heap Memory Corruption

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20746
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:59
Updated-04 Dec, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro Out-of-bounds Write Arbitrary code execution

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowspremiere_promacosPremiere Propremiere_pro
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20783
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.16%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 19:18
Updated-02 Aug, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 RLE File Parsing Heap Memory Corruption

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54213
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20728
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_readeracrobat_reader_dc
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20782
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.89%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 19:18
Updated-02 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign WMF File Parsing Out Of Bound Write

InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20755
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 79.69%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 15:54
Updated-04 Dec, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge PDF Parsing Heap Memory Corruption Remote Code Execution Vulnerability

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20744
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-27 Aug, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20761
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 17:34
Updated-04 Dec, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 BMP File Parsing Out-Of-Bound Write Remote Code execution Vulnerability

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8820
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.56% / 92.03%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54187
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:44
Updated-14 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Painter | Out-of-bounds Write (CWE-787)

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20740
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 10:12
Updated-16 Aug, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_painterSubstance3D - Paintersubstance_3d_painter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54218
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 21:01
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Out-of-bounds Write (CWE-787)

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsincopyInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54210
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Write (CWE-787)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54222
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 21:46
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Out-of-bounds Write (CWE-787)

Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54221
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 21:01
Updated-14 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InCopy | Out-of-bounds Write (CWE-787)

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsincopyInCopy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8656
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.85%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8652
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8654
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.73% / 90.09%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oswindows_8linux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49569
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:08
Updated-14 Aug, 2025 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Viewer | Out-of-bounds Write (CWE-787)

Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_viewerSubstance3D - Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36072
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:34
Updated-23 Apr, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49530
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:01
Updated-10 Jul, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49573
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:36
Updated-14 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Modeler | Out-of-bounds Write (CWE-787)

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-substance_3d_modelerSubstance3D - Modeler
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36066
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.67% / 81.36%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:34
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35994
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.73% / 71.75%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 17:00
Updated-23 Apr, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49563
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:01
Updated-14 Aug, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosillustratorwindowsIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36052
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.50% / 88.68%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMPToolkit SDK ImportTIFF_CheckStandardMapping Memory Corruption

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36049
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.82% / 73.45%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:32
Updated-23 Apr, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-bridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36046
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.58% / 67.98%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:31
Updated-16 Sep, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK TIFF_MemoryReader::SortIFD function Memory Corruption

XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49526
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:01
Updated-10 Jul, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Write (CWE-787)

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-49570
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.88%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:29
Updated-14 Aug, 2025 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photoshop Desktop | Out-of-bounds Write (CWE-787)

Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macosphotoshopwindowsPhotoshop Desktop
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 91
  • 92
  • Next
Details not found