CVE-2015-0313

ENISA EUVD: EUVD-2015-0326 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

92.54%

probability

This CVE has a 92.54% probability of being exploited in the next 30 days.

0% Top 99.7th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Project Zero

Use-after-free in ByteArray::Clear

Affected Products

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Discovered

Jan. 14, 2015

Patched

Feb. 5, 2015

Reported by

Elia Florio and Dave Weston of Microsoft, and Peter Pi of Trend Micro

Root Cause Analysis

???

Exploits & PoC

February 0-day for Adobe Flash – Update 2

Qualys Feb 02, 2015

Signal Intelligence

Confidenceⓘ

95%

EPSS 92.54%

CVSS v3.1 7.8

Mentions 1

Last Seen Feb 02, 2015

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026