LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2015-3043

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability

CVSS 9.8 · CRITICAL ⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-03-03. Federal remediation due 2022-03-24.
Required action: The impacted product is end-of-life and should be disconnected if still in use.

Summary

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

CVSS 3.1 breakdown

Base score9.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
IntegrityHIGH
AvailabilityHIGH

Weakness type (CWE)

Affected products

Adobe flash playerLinux linux kernelApple mac os xMicrosoft windowsNovell suse linux enterprise desktopNovell suse linux enterprise workstation extensionOpensuse evergreenOpensuse opensuseRedhat enterprise linux desktopRedhat enterprise linux eusRedhat enterprise linux serverRedhat enterprise linux server ausRedhat enterprise linux server from rhuiRedhat enterprise linux workstation
Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.

Scroll to Top