CVE-2014-0498

Name: CVE-2014-0498
Creator: NVD / NIST
Published: 2014-02-21T05:06:54.517+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 7.22%

Last modified Jun 17, 2026

CVE-2014-0498 is a vulnerability of currently unknown severity. Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.. EPSS estimates a 7.22% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

Metrics

EPSS Probability

7.22%

93.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Adobe	Flash Player	>= 11.0, < 11.7.700.269
Adobe	Flash Player	>= 11.8, < 11.8.800.175
Adobe	Flash Player	>= 11.9, < 12.0.0.70
Adobe	Adobe Air Sdk	< 4.0.0.1628
Adobe	Flash Player	>= 11.0, < 11.2.202.341
Adobe	Adobe Air	< 4.0.0.1628

References

http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0196.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0196.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory

Timeline

Published: Feb 21, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-0498?

How severe is CVE-2014-0498?

Severity scoring for CVE-2014-0498 is pending analysis. The EPSS model estimates a 7.22% probability of exploitation in the next 30 days.

How do I fix CVE-2014-0498?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0498?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST