CVE-2018-4871
First published: Tue Jan 09 2018(Updated: )
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/flash-plugin | <28.0.0.137 | 28.0.0.137 |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Macromedia Flash Player | <=28.0.0.126 | |
| macOS | ||
| Chrome OS | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=28.0.0.126 | |
| Macromedia Flash Player | <=28.0.0.126 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Macromedia Flash Player | <=28.0.0.126 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-4871?
CVE-2018-4871 is an Out-of-bounds Read vulnerability in Adobe Flash Player before version 28.0.0.137.
How severe is CVE-2018-4871?
CVE-2018-4871 has a severity rating of 7.5 (High).
Which software is affected by CVE-2018-4871?
Adobe Flash Player versions before 28.0.0.137 are affected by CVE-2018-4871.
How can I fix CVE-2018-4871?
To fix CVE-2018-4871, update Adobe Flash Player to version 28.0.0.137 or later.
Where can I find more information about CVE-2018-4871?
You can find more information about CVE-2018-4871 at the following references: [1](http://www.securityfocus.com/bid/102465), [2](http://www.securitytracker.com/id/1040155), [3](https://access.redhat.com/errata/RHSA-2018:0081).
- agent/references
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-4871
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/28.0.0.126
- vendor/apple
- canonical/macos
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/windows 10
- canonical/microsoft windows