CVE-2015-0312 : Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x throu

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Published 2015-01-28 22:59:02

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2015-0312

Adobe » Flash Player
Versions up to, including, (<=) 16.0.0.287
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Internet Explorer » Version: 10
When used together with: Microsoft » Internet Explorer » Version: 11
When used together with: Microsoft » Windows 8 » Version: N/A
When used together with: Microsoft » Windows 8.1 » Version: N/A
Adobe » Flash Player » For Chrome
Versions up to, including, (<=) 16.0.0.287
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.438
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » Flash Player » Extended Support Edition
Versions up to, including, (<=) 13.0.0.262
cpe:2.3:a:adobe:flash_player:*:*:*:*:extended_support:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player Desktop Runtime
Versions up to, including, (<=) 16.0.0.287
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-0312

EPSS FAQ

6.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0312

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-0312

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0312

http://www.securitytracker.com/id/1031634

Adobe Flash Player Double-Free Memory Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100394

Adobe Flash player code execution CVE-2015-0312 Vulnerability Report
Third Party Advisory;VDB Entry
http://secunia.com/advisories/62543

Sign in
Third Party Advisory

CVEs referencing this url
https://technet.microsoft.com/library/security/2755801

Microsoft Security Advisory 2755801 | Microsoft Docs
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/62432

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/72343

Third Party Advisory;VDB Entry
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/62660

Sign in
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-0312

Products affected by CVE-2015-0312

Exploit prediction scoring system (EPSS) score for CVE-2015-0312

CVSS scores for CVE-2015-0312

CWE ids for CVE-2015-0312

References for CVE-2015-0312