CVE-2008-5363

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

Published: Dec 8, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5363
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
adobe / flash_player	9.0.16.0	9.0.151.0
adobe / flash_player	10	10.0.12.36
adobe / air	-	1.5

http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://securityreason.com/securityalert/4692
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/support/security/bulletins/apsb08-22.html
http://www.isecpartners.com/advisories/2008-01-flash.txt
http://www.securityfocus.com/archive/1/498561/100/0/threaded

Vulnerability Database

289,697

CVE-2008-5363