Candidate: CVE-2018-4877
PublicDate: 2018-02-06 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4877
 https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
Description:
 A use-after-free vulnerability was discovered in Adobe Flash Player before
 28.0.0.161. This vulnerability occurs due to a dangling pointer in the
 Primetime SDK related to media player's quality of service functionality. A
 successful attack can lead to arbitrary code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chriscoulson
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_flashplugin-nonfree:
upstream_flashplugin-nonfree: released (28.0.0.161)
precise/esm_flashplugin-nonfree: DNE
trusty_flashplugin-nonfree: released (28.0.0.161ubuntu0.14.04.1)
trusty/esm_flashplugin-nonfree: DNE (trusty was released [28.0.0.161ubuntu0.14.04.1])
xenial_flashplugin-nonfree: released (28.0.0.161ubuntu0.16.04.1)
artful_flashplugin-nonfree: released (28.0.0.161ubuntu0.17.10.1)
devel_flashplugin-nonfree: released (28.0.0.161ubuntu1)

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: released (28.0.0.161)
precise/esm_adobe-flashplugin: DNE
trusty_adobe-flashplugin: released (1:20180206.1-0ubuntu0.14.04.1)
trusty/esm_adobe-flashplugin: DNE (trusty was released [1:20180206.1-0ubuntu0.14.04.1])
xenial_adobe-flashplugin: released (1:20180206.1-0ubuntu0.16.04.1)
artful_adobe-flashplugin: released (1:20180206.1-0ubuntu0.17.10.1)
devel_adobe-flashplugin: not-affected (1:20180206.1-0ubuntu1)