CVE-2014-9164

critical

Published 2014-12-10 · Modified 2026-05-06

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

OS impact

OS	Version	Status	Fixed in
linux-kernel		not-affected
macos		not-affected

Application impact

Vendor	Product	Versions	Fixed
adobe	flash_player	`{"startIncluding":"13.0","endExcluding":"13.0.0.259"}`	`13.0.0.259`

References

http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.