CVE DATABASE / CVE-2015-3113

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

CVSS 9.8 · CRITICAL ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-04-13. Federal remediation due 2022-05-04.
Required action: The impacted product is end-of-life and should be disconnected if still in use.

Summary

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

CVSS 3.1 breakdown

Base score	9.8 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

Affected products

Adobe flash playerApple mac os xMicrosoft windowsLinux linux kernelOpensuse evergreenOpensuse opensuseSuse linux enterprise desktopSuse linux enterprise workstation extensionHp insight orchestrationHp system management homepageHp systems insight managerHp version control agentHp version control repository managerHp virtual connect enterprise managerRedhat enterprise linux desktopRedhat enterprise linux eusRedhat enterprise linux serverRedhat enterprise linux workstation

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.