CVE-2019-7090
First published: Fri May 24 2019(Updated: )
Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player Desktop Runtime | <=32.0.0.114 | |
| Apple macOS | ||
| Google Chrome OS | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=32.0.0.114 | |
| Adobe Flash Player | <=32.0.0.114 | |
| Adobe Flash Player | <=32.0.0.114 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-7090?
CVE-2019-7090 is an out-of-bounds read vulnerability in Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier.
What is the severity of CVE-2019-7090?
The severity of CVE-2019-7090 is medium, with a severity value of 6.5.
Who is affected by CVE-2019-7090?
Users of Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier are affected by CVE-2019-7090.
How can CVE-2019-7090 be exploited?
CVE-2019-7090 can be exploited by an attacker to perform an out-of-bounds read, which could lead to information disclosure or potential code execution.
What is the fix for CVE-2019-7090?
To fix CVE-2019-7090, update your Flash Player to version 32.0.0.156 or later provided by Adobe.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe flash player desktop runtime
- version/adobe flash player desktop runtime/32.0.0.114
- vendor/apple
- canonical/apple macos
- vendor/google
- canonical/google chrome os
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe flash player
- version/adobe flash player/32.0.0.114
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1