There is a heap overflow in ATF image packing. The file included in this archive demonstrates the vulnerability.
75949283b275ba71dc670b094f371b7c75020394f96a47c29fb5a1af31f4c0a4
Red Hat Security Advisory 2016-1238-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.626. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
c0c9fbef4ec7a269fa643ac58d395d29ca13045fcab606f33211d418abde9278