CVE-2019-8075: Insufficient data validation in Flash
First published: Tue Mar 26 2019(Updated: )
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Credit: psirt@adobe.com Nethanel Gelernter Cyberpion (https://www.cyberpion.com)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | <87.0.4280.66 | 87.0.4280.66 |
| Adobe Flash Player | <=32.0.0.207 | |
| macOS | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | <=32.0.0.207 | |
| Chrome OS | ||
| Macromedia Flash Player | <=32.0.0.207 | |
| Macromedia Flash Player | <=32.0.0.207 | |
| Windows 10 | ||
| Microsoft Windows | ||
| Google Chrome | <87.0.4280.66 | |
| Google Chrome | <87.0.4280.67 | |
| Debian Linux | =10.0 | |
| Red Hat Fedora | =32 | |
| Red Hat Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html (Advisory)
- https://crbug.com/945997
- https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/
- https://www.debian.org/security/2021/dsa-4824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-16018
- CVE-2020-16019
- CVE-2020-16020
- CVE-2020-16021
- CVE-2020-16022
- CVE-2020-16015
- CVE-2020-16014
- CVE-2020-16023
- CVE-2020-16024
- CVE-2020-16025
- CVE-2020-16045
- CVE-2020-16026
- CVE-2020-16027
- CVE-2020-16028
- CVE-2020-16029
- CVE-2020-16030
- CVE-2020-16031
- CVE-2020-16032
- CVE-2020-16033
- CVE-2020-16034
- CVE-2020-16035
- CVE-2020-16012
- CVE-2020-16036
Frequently Asked Questions
What is the vulnerability ID for this Adobe Flash Player vulnerability?
The vulnerability ID for this Adobe Flash Player vulnerability is CVE-2019-8075.
What is the severity of CVE-2019-8075?
The severity of CVE-2019-8075 is high with a CVSS score of 7.5.
What is the affected software?
The affected software includes Adobe Flash Player version 32.0.0.192 and earlier versions.
What is the impact of the vulnerability?
Successful exploitation of CVE-2019-8075 could lead to information disclosure in the context of the current user.
Are there any fixes or patches available for CVE-2019-8075?
Yes, Adobe has released a security bulletin (APSB19-30) with patches to address the vulnerability. It is recommended to update to version 32.0.0.207 of Adobe Flash Player.
- agent/type
- agent/remedy
- agent/description
- agent/severity
- agent/author
- agent/title
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/google chrome (trace event)
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/32.0.0.207
- vendor/apple
- canonical/macos
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/macromedia flash player
- version/macromedia flash player/32.0.0.207
- canonical/chrome os
- canonical/windows 10
- canonical/microsoft windows
- canonical/google chrome
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/32
- version/red hat fedora/33