{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20081122 Adobe Flash Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"}, {"name": "33390", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33390"}, {"tags": ["x_refsource_MISC"], "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"}, {"tags": ["x_refsource_MISC"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"}, {"name": "34226", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34226"}, {"name": "4692", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4692"}, {"name": "GLSA-200903-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"}, {"name": "248586", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5363", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20081122 Adobe Flash Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"}, {"name": "33390", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33390"}, {"name": "http://www.isecpartners.com/advisories/2008-01-flash.txt", "refsource": "MISC", "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb08-22.html", "refsource": "MISC", "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"}, {"name": "34226", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34226"}, {"name": "4692", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4692"}, {"name": "GLSA-200903-23", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"}, {"name": "248586", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:49:12.347Z"}, "title": "CVE Program Container", "references": [{"name": "20081122 Adobe Flash Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"}, {"name": "33390", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33390"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"}, {"name": "34226", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34226"}, {"name": "4692", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4692"}, {"name": "GLSA-200903-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"}, {"name": "248586", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5363", "datePublished": "2008-12-08T11:00:00.000Z", "dateReserved": "2008-12-07T00:00:00.000Z", "dateUpdated": "2024-08-07T10:49:12.347Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*", "matchCriteriaId": "31300012-1803-451C-9304-7D532CAAD597", "versionEndExcluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9617651-EBE0-443C-9C56-75A6DB6DFA2C", "versionEndExcluding": "9.0.151.0", "versionStartIncluding": "9.0.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "24B27C65-29D0-42D7-8293-67839687888A", "versionEndExcluding": "10.0.12.36", "versionStartIncluding": "10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file."}, {"lang": "es", "value": "La m\u00e1quina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y en v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, no realizan validaci\u00f3n de los caracteres de los elementos durante la recuperaci\u00f3n de la estructura de datos del diccionario, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULO y parada de la aplicaci\u00f3n) mediante un fichero PDF modificado."}], "id": "CVE-2008-5363", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-08T11:30:06.097", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33390"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34226"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/4692"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/4692"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0980", "cpe": "cpe:/a:redhat:rhel_extras:3", "package": "flash-plugin-0:9.0.151.0-1.el3.with.oss", "product_name": "Extras for RHEL 3", "release_date": "2008-11-12T00:00:00Z"}, {"advisory": "RHSA-2008:0980", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "flash-plugin-0:9.0.151.0-1.el4", "product_name": "Extras for RHEL 4", "release_date": "2008-11-12T00:00:00Z"}, {"advisory": "RHSA-2008:0945", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:10.0.12.36-2.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2008-10-28T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618339"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file."], "name": "CVE-2008-5363", "public_date": "2008-11-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5363\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-5363"], "threat_severity": "Low"}

{}