Adobe Security Bulletin APSB20-58 for Adobe Flash Player describes a flaw that can possibly lead to arbitrary code execution when Flash Player is used to play a specially crafted SWF file: NULL Pointer Dereference -- CVE-2020-9746 Adobe Security Bulletin also notes: Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. External References: https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:4251 https://access.redhat.com/errata/RHSA-2020:4251
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-9746