CVE-2015-4878
Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.
Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.5.0, 8.5.1 y 8.5.2 permite a usuarios locales afectar a la disponibilidad a través de vectores desconocidos relacionados con Outside In Filters, una vulnerabilidad diferente a CVE-2015-4877.
Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-24 CVE Reserved
- 2015-10-21 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/134089/Oracle-Outside-In-Buffer-Overflow.html | X_refsource_misc |
|
| http://www.securityfocus.com/archive/1/536762/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/77133 | Vdb Entry | |
| http://www.securitytracker.com/id/1033898 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38789 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | 2018-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 8.5.0 Search vendor "Oracle" for product "Fusion Middleware" and version "8.5.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 8.5.1 Search vendor "Oracle" for product "Fusion Middleware" and version "8.5.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Fusion Middleware Search vendor "Oracle" for product "Fusion Middleware" | 8.5.2 Search vendor "Oracle" for product "Fusion Middleware" and version "8.5.2" | - |
Affected
| ||||||