{"id":"UBUNTU-CVE-2015-5119","details":"Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.","modified":"2025-11-19T16:48:16Z","published":"2015-07-08T14:59:00Z","upstream":["CVE-2015-5119"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5119"},{"type":"REPORT","url":"http://www.kb.cert.org/vuls/id/561288"},{"type":"REPORT","url":"https://helpx.adobe.com/security/products/flash-player/apsa15-03.html"},{"type":"REPORT","url":"https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html"},{"type":"REPORT","url":"http://twitter.com/w3bd3vil/statuses/618168863708962816"},{"type":"REPORT","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-5119"},{"type":"REPORT","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog"}],"affected":[{"package":{"name":"flashplugin-nonfree","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/flashplugin-nonfree@11.2.202.481ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.2.202.481ubuntu0.14.04.1"}]}],"versions":["11.2.202.310ubuntu1","11.2.202.327ubuntu0.13.10.1","11.2.202.332ubuntu1","11.2.202.335ubuntu1","11.2.202.336ubuntu1","11.2.202.341ubuntu1","11.2.202.346ubuntu1","11.2.202.350ubuntu1","11.2.202.356ubuntu0.14.04.1","11.2.202.359ubuntu0.14.04.1","11.2.202.378ubuntu0.14.04.1","11.2.202.394ubuntu0.14.04.1","11.2.202.400ubuntu0.14.04.1","11.2.202.406ubuntu0.14.04.1","11.2.202.406ubuntu0.14.04.2","11.2.202.411ubuntu0.14.04.1","11.2.202.418ubuntu0.14.04.1","11.2.202.424ubuntu0.14.04.1","11.2.202.425ubuntu0.14.04.1","11.2.202.429ubuntu0.14.04.1","11.2.202.438ubuntu0.14.04.1","11.2.202.440ubuntu0.14.04.1","11.2.202.442ubuntu0.14.04.1","11.2.202.451ubuntu0.14.04.1","11.2.202.457ubuntu0.14.04.1","11.2.202.460ubuntu0.14.04.1","11.2.202.466ubuntu0.14.04.1","11.2.202.468ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"11.2.202.481ubuntu0.14.04.1","binary_name":"flashplugin-downloader"},{"binary_version":"11.2.202.481ubuntu0.14.04.1","binary_name":"flashplugin-installer"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5119.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}