Exploited
critical
9.3
CWE
190 189
Advisory Published
Updated

CVE-2015-8651: Adobe Flash Player Integer Overflow Vulnerability

First published: Mon Dec 28 2015(Updated: )

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Credit: psirt@adobe.com psirt@adobe.com

Affected SoftwareAffected VersionHow to fix
Macromedia Flash Player
All of
Any of
Adobe AIR<20.0.0.233
Adobe AIR SDK & Compiler<20.0.0.233
Any of
iPhone OS
Apple iOS and macOS
Android
Microsoft Windows Operating System
All of
Macromedia Flash Player<11.2.202.559
Linux Kernel
All of
Adobe<20.0.0.233
Any of
Apple iOS and macOS
Android
Microsoft Windows Operating System
All of
Any of
Macromedia Flash Player<18.0.0.324
Macromedia Flash Player>=19.0.0.185<20.0.0.267
Any of
Apple iOS and macOS
Microsoft Windows Operating System
Red Hat Enterprise Linux Desktop=5.0
Red Hat Enterprise Linux Desktop=6.0
Red Hat Enterprise Linux Server=5.0
Red Hat Enterprise Linux Server=6.0
Red Hat Enterprise Linux Workstation=5.0
Red Hat Enterprise Linux Workstation=6.0
Evergreen ILS=11.4
openSUSE=13.1
openSUSE=13.2
SUSE Linux Enterprise Desktop=11-sp3
SUSE Linux Enterprise Desktop=11-sp4
SUSE Linux Enterprise Desktop=12
SUSE Linux Enterprise Desktop=12-sp1
SUSE Linux Workstation Extension=12
SUSE Linux Workstation Extension=12-sp1
HP Insight Control for Linux<7.6
HP Insight Control Server Provisioning<7.6
HP Matrix Operating Environment=7.6
HP System Management Homepage<7.6
HP Systems Insight Manager<7.6
HP Version Control Repository Manager<7.6
Adobe AIR<=20.0.0.204
Adobe AIR SDK & Compiler<=20.0.0.204
iPhone OS
Apple iOS and macOS
Android
Microsoft Windows Operating System
Macromedia Flash Player<=11.2.202.554
Linux Kernel
Adobe<=20.0.0.204
Macromedia Flash Player<=18.0.0.268
Macromedia Flash Player=19.0.0.185
Macromedia Flash Player=19.0.0.207
Macromedia Flash Player=19.0.0.226
Macromedia Flash Player=19.0.0.245
Macromedia Flash Player=20.0.0.228
Macromedia Flash Player=20.0.0.235

Remedy

The impacted product is end-of-life and should be disconnected if still in use.

Remedy

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2015-8651?

    CVE-2015-8651 is rated as critical due to its potential to allow remote code execution.

  • How do I fix CVE-2015-8651?

    To mitigate CVE-2015-8651, update Adobe Flash Player to version 18.0.0.324 or later, or update Adobe AIR to at least version 20.0.0.233.

  • Which versions of Adobe Flash Player are affected by CVE-2015-8651?

    Adobe Flash Player versions prior to 18.0.0.324, specifically 19.x and 20.x version before 20.0.0.267, are affected by CVE-2015-8651.

  • Is Adobe AIR affected by CVE-2015-8651?

    Yes, Adobe AIR versions before 20.0.0.233 are vulnerable to CVE-2015-8651.

  • What platforms are impacted by CVE-2015-8651?

    CVE-2015-8651 affects Adobe Flash Player on Windows, OS X, and Linux, as well as Adobe AIR across these platforms.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203