CVE-2018-5002
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
CVSS 7.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2022-05-23.
Federal remediation due 2022-06-13.
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Summary
Adobe Flash Player versions 29.0.0.171 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Adobe flash player desktop runtime
- Apple mac os x
- Linux linux kernel
- Microsoft windows
- Adobe flash player
- Google chrome os
- Microsoft windows 10
- Microsoft windows 8.1
- Redhat enterprise linux desktop
- Redhat enterprise linux server
- Redhat enterprise linux workstation
References
- http://www.securityfocus.com/bid/104412
- http://www.securitytracker.com/id/1041058
- https://access.redhat.com/errata/RHSA-2018:1827
- https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
- https://security.gentoo.org/glsa/201806-02
- https://github.com/cisagov/vulnrichment/issues/196
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-5002
Data: NIST NVD + CISA KEV. NVD last modified 2025-11-18. Always verify against the vendor advisory before acting.