Cyber Resilience

CVE-2015-5119

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 08 July 2015
Modified: 21 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9321 (99.8th percentile)
Risk Priority: 96 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-5119 is a critical-severity Use After Free (CWE-416) vulnerability in Adobe Flash Player. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2015-5119 is a use-after-free vulnerability (CWE-416) in the ByteArray class within Adobe Flash Player's ActionScript 3 implementation. It affects versions 13.x up to 13.0.0.296, 14.x up to 18.0.0.194 on Windows and OS X, and 11.x up to 11.2.202.468 on Linux, enabling memory corruption when specially crafted Flash content overrides a valueOf function.

Remote attackers can exploit the flaw by delivering malicious Flash content, for example through a web page or an embedded document, to achieve arbitrary code execution or a denial of service; no authentication is required, and the only user interaction needed is viewing the content. The vulnerability was actively exploited in the wild in July 2015.

Advisories from openSUSE and related distributions reference Flash Player updates that address the issue, while public reporting notes the availability of proof-of-concept code tied to the Hacking Team leak, which highlighted multiple unpatched Flash weaknesses. The flaw carries a CVSS 3.1 base score of 9.8, reflecting a network-reachable, high impact on confidentiality, integrity, and availability.

Vulnerability details

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

adobe / flash player: 13.0.0.182 — 13.0.0.296 · 14.0.0.125 — 18.0.0.194 · ≤ 11.2.202.468
redhat / enterprise linux desktop: 5.0, 6.0
redhat / enterprise linux eus: 6.6
redhat / enterprise linux server: 5.0, 6.0
redhat / enterprise linux server aus: 6.6
redhat / enterprise linux server from rhui: 5.0, 6.0
redhat / enterprise linux workstation: 5.0, 6.0
opensuse / evergreen: 11.4
opensuse / opensuse: 13.1, 13.2
suse / linux enterprise desktop: 11, 12
+1 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

SC-18 Mobile Code (prevent): Directly restricts use of untrusted Flash/ActionScript mobile code that delivers the crafted ByteArray exploit.

SI-3 Malicious Code Protection (prevent, detect): Blocks or detects malicious Flash content before the use-after-free memory corruption can be triggered.

(prevent): Disables or removes the Flash Player capability entirely, eliminating the vulnerable ByteArray attack surface.