CVE-2019-8075: Insufficient data validation in Flash
First published: Tue Mar 26 2019(Updated: )
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Credit: psirt@adobe.com Nethanel Gelernter Cyberpion (https://www.cyberpion.com)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player Desktop Runtime | <=32.0.0.207 | |
| Apple macOS | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=32.0.0.207 | |
| Google Chrome OS | ||
| Adobe Flash Player | <=32.0.0.207 | |
| Adobe Flash Player | <=32.0.0.207 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 | ||
| Google Chrome | <87.0.4280.66 | |
| Google Chrome | <87.0.4280.67 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Google Chrome | <87.0.4280.66 | 87.0.4280.66 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html (Advisory)
- https://crbug.com/945997
- https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/
- https://www.debian.org/security/2021/dsa-4824
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-16018
- CVE-2020-16019
- CVE-2020-16020
- CVE-2020-16021
- CVE-2020-16022
- CVE-2020-16015
- CVE-2020-16014
- CVE-2020-16023
- CVE-2020-16024
- CVE-2020-16025
- CVE-2020-16045
- CVE-2020-16026
- CVE-2020-16027
- CVE-2020-16028
- CVE-2020-16029
- CVE-2020-16030
- CVE-2020-16031
- CVE-2020-16032
- CVE-2020-16033
- CVE-2020-16034
- CVE-2020-16035
- CVE-2020-16012
- CVE-2020-16036
Frequently Asked Questions
What is the vulnerability ID for this Adobe Flash Player vulnerability?
The vulnerability ID for this Adobe Flash Player vulnerability is CVE-2019-8075.
What is the severity of CVE-2019-8075?
The severity of CVE-2019-8075 is high with a CVSS score of 7.5.
What is the affected software?
The affected software includes Adobe Flash Player version 32.0.0.192 and earlier versions.
What is the impact of the vulnerability?
Successful exploitation of CVE-2019-8075 could lead to information disclosure in the context of the current user.
Are there any fixes or patches available for CVE-2019-8075?
Yes, Adobe has released a security bulletin (APSB19-30) with patches to address the vulnerability. It is recommended to update to version 32.0.0.207 of Adobe Flash Player.
- agent/references
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/description
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/softwarecombine
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe flash player desktop runtime
- version/adobe flash player desktop runtime/32.0.0.207
- vendor/apple
- canonical/apple macos
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe flash player
- version/adobe flash player/32.0.0.207
- vendor/google
- canonical/google chrome os
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- canonical/google chrome
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33