CVE-2014-0502

Publication date 21 February 2014

Last updated 23 September 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

8.8 · High

Score breakdown

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
adobe-flashplugin 13.10 saucy
Fixed 11.2.202.341-0saucy1
12.10 quantal
Fixed 11.2.202.341-0quantal1
12.04 LTS precise
Fixed 11.2.202.341-0precise1
10.04 LTS lucid Ignored end of life
flashplugin-nonfree 13.10 saucy
Fixed 11.2.202.341ubuntu0.13.10.1
12.10 quantal
Fixed 11.2.202.341ubuntu0.12.10.1
12.04 LTS precise
Fixed 11.2.202.341ubuntu0.12.04.1
10.04 LTS lucid Ignored end of life

Severity score breakdown

Parameter Value
Base score 8.8 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H