UBUNTU-CVE-2017-3112
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 09 Dec 2017, 06:29
Last modified:16 Jul 2025, 08:13
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Dec 2017, 06:29
Published
Vulnerability first disclosed
16 Jul 2025, 08:13
Last Modified
Vulnerability information updated
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVSS Metrics
- v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•flashplugin-nonfree
< 27.0.0.187ubuntu0.14.04.1 | < 27.0.0.187ubuntu0.16.04.1