UBUNTU-CVE-2017-11225
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 09 Dec 2017, 06:29
Last modified:16 Jul 2025, 07:35
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Dec 2017, 06:29
Published
Vulnerability first disclosed
16 Jul 2025, 07:35
Last Modified
Vulnerability information updated
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVSS Metrics
- v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•flashplugin-nonfree
< 27.0.0.187ubuntu0.14.04.1 | < 27.0.0.187ubuntu0.16.04.1