Cadastre-se agora para um orçamento mais personalizado!

Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability

Apr, 20, 2016 Hi-network.com

Talos has recently discovered a vulnerability in Oracle'sOutside In Technology Image Export SDK which, when exploited, allows an attacker to overflow the heap, leading to arbitrary code execution. The vulnerability lies in the Image Export SDK's parsing of Portable Document Format (PDF) files.

While parsing a PDF file which contains an Xref object, values from the /Index entry are used to handle the decoded stream. A malformed PDF file with many objects specified by the /Index entry can lead to a memory overwrite past the ends of the allocated buffer, overwriting adjacent heap chunks.

Read More


tag-icon Tags quentes :

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.