The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin APSB15-32 can sometimes access a parameter on the native stack that is uninitialized.
982e087bae1ff3d75902f159298bed43a1c32bb041ce513c46a96da67786a262
Red Hat Security Advisory 2016-0438-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
243892d3b6c81033b8b216d1caf1cfdab86d6157849227d81580220b267c521d