CVE-2018-4871
First published: Tue Jan 09 2018(Updated: )
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/flash-plugin | <28.0.0.137 | 28.0.0.137 |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Adobe Flash Player | <=28.0.0.126 | |
| Apple macOS | ||
| Google Chrome OS | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=28.0.0.126 | |
| Adobe Flash Player | <=28.0.0.126 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 | ||
| Adobe Flash Player | <=28.0.0.126 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-4871?
CVE-2018-4871 is an Out-of-bounds Read vulnerability in Adobe Flash Player before version 28.0.0.137.
How severe is CVE-2018-4871?
CVE-2018-4871 has a severity rating of 7.5 (High).
Which software is affected by CVE-2018-4871?
Adobe Flash Player versions before 28.0.0.137 are affected by CVE-2018-4871.
How can I fix CVE-2018-4871?
To fix CVE-2018-4871, update Adobe Flash Player to version 28.0.0.137 or later.
Where can I find more information about CVE-2018-4871?
You can find more information about CVE-2018-4871 at the following references: [1](http://www.securityfocus.com/bid/102465), [2](http://www.securitytracker.com/id/1040155), [3](https://access.redhat.com/errata/RHSA-2018:0081).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-4871
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/28.0.0.126
- vendor/apple
- canonical/apple macos
- vendor/google
- canonical/google chrome os
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- package-manager/redhat