Oracle Outside In PDF 8.5.2 Parsing Memory Corruption Vulnerability

Summary

    An heap memory corruption occured when Outside In decode (DCTDecode) a PDF with a JPEG that have an invalid Heigth value. The vulnerability can execution of arbitrary code by opening or previewing a malicious file. 

Solution

    1. Oracle Company Update:http://www.oracle.com/index.html

    2. If you have purchased NGAF appliance, update WAF signature database to version 20151204 or above.