VDB
CVE-2017-2986
CVE-2017-2986
PUBLISHED
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
EPSS 38.11% · 97.3th percentile
Risk Scores
EPSS Score
38.11%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | flashplugin-nonfree | 0, 11.2.202.310ubuntu1, 11.2.202.332ubuntu1 |
| Ubuntu:16.04:LTS | flashplugin-nonfree | 0, 11.2.202.540ubuntu2, 11.2.202.548ubuntu1 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/41423/ (nist-nvd)
- CIRCL exploited: CVE-2017-2986 (circl-sighting)
- GLSA-201702-20 (circl)
- RHSA-2017:0275 (circl)
- 96193 (circl)
- 1037815 (circl)
- https://helpx.adobe.com/security/products/flash-player/apsb17-04.html (circl)
- Adobe Flash - YUVPlane Decoding Heap Overflow Exploit (0day-today)
- Adobe Flash - YUVPlane Decoding Heap Overflow Exploit (0day-today)
Timeline
- Feb 15, 2017 CVE Published
- Feb 21, 2017 PoC Published
- Feb 22, 2017 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-2986 third-party-advisory
- https://helpx.adobe.com/security/products/flash-player/apsb17-04.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-2986 third-party-advisory