LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2015-8651

CVE-2015-8651

Adobe Flash Player Integer Overflow Vulnerability

CVSS 8.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-05-25. Federal remediation due 2022-06-15.
Required action: The impacted product is end-of-life and should be disconnected if still in use.

Summary

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

CVSS 3.1 breakdown

Base score8.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
IntegrityHIGH
AvailabilityHIGH

Weakness type (CWE)

Affected products

Adobe air sdkAdobe air sdk \& compilerApple iphone osApple mac os xGoogle androidMicrosoft windowsAdobe flash playerLinux linux kernelAdobe airRedhat enterprise linux desktopRedhat enterprise linux serverRedhat enterprise linux workstationOpensuse evergreenOpensuse opensuseSuse linux enterprise desktopSuse linux enterprise workstation extensionHp insight controlHp insight control server provisioningHp matrix operating environmentHp system management homepage
Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.

Scroll to Top