Oracle Outside In PDF 8.5.2 Parsing Memory Corruption Vulnerability
- Date Published:2015-12-05
- Last Updated:2015-12-05
- Version Affected: Oracle Outside In PDF 8.5.0 Oracle Outside In PDF 8.5.1 Oracle Outside In PDF 8.5.2
- CVE: CVE-2015-4877 | BID-77130
An heap memory corruption occured when Outside In decode (DCTDecode) a PDF with a JPEG that have an invalid Heigth value. The vulnerability can execution of arbitrary code by opening or previewing a malicious file.
1. Oracle Company Update:http://www.oracle.com/index.html
2. If you have purchased NGAF appliance, update WAF signature database to version 20151204 or above.