Adobe Security Advisory APSA18-01 for Adobe Flash Player describes an use-after-free flaw that can possibly lead to code exeucution when Flash Player is used to play a specially crafted SWF file.
Quoting from the APSA18-01:
Use-after-free Remote Code Execution Critical CVE-2018-4878
Fixed Flash Player version is not yet available. Quoting from the Adobe Security Bulletin:
Adobe will address this vulnerability in a release planned for the week of February 5.
Updated Flash Player version 18.104.22.168 was released today to correct this issue. The update is documented in the Adobe Security Bulletin APSB18-03, which describes one additional use-after-free flaw corrected in the same update:
Use After Free Remote Code Execution Critical CVE-2018-4877
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:0285 https://access.redhat.com/errata/RHSA-2018:0285